From 3fd9d0c5c6086c35a37c76fd1a2ebd8d7df48cdd Mon Sep 17 00:00:00 2001
From: Evan Kaufman
Date: Mon, 11 Nov 2013 12:31:18 -0600
Subject: [PATCH 1/8] Simplified varnish cookie cleanup rules
* Removed cleanup of 'has_js' (remnant of drupal stuff from vcl template)
* Removed specific cookie checks, instead removing any underscore prefixed
* Left in removal of Google Analytics "utm" prefixed cookies (debateable, @ericclemmons might have opinion here)
Fixes #28 but more vcl cleanup to do...
---
 .../varnish/files/etc-varnish/production.vcl | 18 ++----------------
 1 file changed, 2 insertions(+), 16 deletions(-)
diff --git a/provisioning/roles/varnish/files/etc-varnish/production.vcl b/provisioning/roles/varnish/files/etc-varnish/production.vcl
index 82a6d9a..69b5700 100644
--- a/provisioning/roles/varnish/files/etc-varnish/production.vcl
+++ b/provisioning/roles/varnish/files/etc-varnish/production.vcl
@@ -94,29 +94,15 @@ sub vcl_recv {
 #
 # Some generic cookie manipulation, useful for all templates that follow
- # Remove the "has_js" cookie
- set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
- # Remove any Satallite cookies
- set req.http.Cookie = regsuball(req.http.Cookie, "__gaid=[^;]+(; )?", "");
- set req.http.Cookie = regsuball(req.http.Cookie, "_sdsat_[^=]+=[^;]+(; )?", "");
+ # Remove any '_' prefixed cookies
+ set req.http.Cookie = regsuball(req.http.Cookie, "_[^=]+=[^;]+(; )?", "");
 # Remove any Google Analytics based cookies
- set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
- set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
 set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
 set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
 set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");
- # Remove any Cloudflare cookies
- set req.http.Cookie = regsuball(req.http.Cookie, "__cfduid=[^;]+(; )?", "");
-
- # Remove the Quant Capital cookies (added by some plugin, all __qca)
- set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
-
- # Remove the AddThis cookies
- set req.http.Cookie = regsuball(req.http.Cookie, "__atuvc=[^;]+(; )?", "");
-
 # Remove a ";" prefix in the cookie if present
 set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");
From 9c2f3585144aa0f81d41ee637f028f56457f200b Mon Sep 17 00:00:00 2001
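Review bot: In the `vcl_recv` hunk of PATCH 1/8, the new pattern `_[^=]+=[^;]+(; )?` is not anchored to the start of a cookie name, so it also matches from an underscore in the middle of a name. A header such as `wordpress_logged_in_x=v; a=b` (constructed example) is rewritten to `wordpressa=b`, which corrupts the session cookie; if this cleanup runs before the `wp-|wordpress_` pass check in conf.d/receive/wordpress.vcl, a logged-in request would then take the cookie-stripping cache path. Anchor the match to a cookie boundary, e.g. `set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)_[^=;]*=[^;]*", "");`, and let the existing leading-`;` cleanup tidy the result. `vcl_recv` starts and ends outside the hunk, so the ordering relative to the WordPress rules should be confirmed.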
From: Evan Kaufman
Date: Mon, 11 Nov 2013 13:01:33 -0600
Subject: [PATCH 2/8] Simplified cookie logic in receive/wordpress.vcl
* The existing wp cookie check was *starting with* `wp-` or `wprdpress_`, but would not match a 2nd or higher position wp cookie
* The second url check for `wp-(login|admin)` was no longer necessary, so removing all cookies past that point is more efficient
---
 .../etc-varnish/conf.d/receive/wordpress.vcl | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl b/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl
index b29a5e1..08822b0 100644
--- a/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl
+++ b/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl
@@ -3,19 +3,14 @@ if (req.http.Host ~ "^local\." || (req.url ~ "wp-(login|admin)")) {
 return (pass);
 }
-if (req.http.Cookie ~ "^wp-" || req.http.Cookie ~ "^wordpress_") {
+# Pass all requests containing a wp- or wordpress_ cookie
+# (meaning NO caching for logged in users)
+if (req.http.Cookie ~ "^([^;]+;\s*)*?(wp-|wordpress_)") {
 return (pass);
 }
-# Drop any cookies sent to Wordpress.
-if (!(req.url ~ "wp-(login|admin)")) {
- unset req.http.Cookie;
-}
-
-# Anything else left?
-if (!req.http.Cookie) {
- unset req.http.Cookie;
-}
+# Drop *all* cookies sent to Wordpress, if we've gotten this far
+unset req.http.Cookie;
 # Try a cache-lookup
 return (lookup);
From f03dcb20890a72957d4dad50c91185ddc58aa689 Mon Sep 17 00:00:00 2001
From: Evan Kaufman
Date: Mon, 11 Nov 2013 13:43:10 -0600
Subject: [PATCH 3/8] Removed extra GA cookie checks (turned out to be components of __utmz, not cookies themselves)
---
 provisioning/roles/varnish/files/etc-varnish/production.vcl | 5 -----
 1 file changed, 5 deletions(-)
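Review bot: In PATCH 2/8 the only thing that keeps a request out of the shared cache is a cookie whose name starts with `wp-` or `wordpress_`; the now unconditional `unset req.http.Cookie;` discards every other cookie before `return (lookup)`. Any plugin or application session cookie under a different name is therefore treated as anonymous, and that assumption is not written down in the file. I would extend the new comment to say so, e.g. `# Only wp-*/wordpress_* cookies bypass the cache; add any other session cookie name to the check above before relying on it`.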
diff --git a/provisioning/roles/varnish/files/etc-varnish/production.vcl b/provisioning/roles/varnish/files/etc-varnish/production.vcl
index 69b5700..fb6b5d9 100644
--- a/provisioning/roles/varnish/files/etc-varnish/production.vcl
+++ b/provisioning/roles/varnish/files/etc-varnish/production.vcl
@@ -98,11 +98,6 @@ sub vcl_recv {
 # Remove any '_' prefixed cookies
 set req.http.Cookie = regsuball(req.http.Cookie, "_[^=]+=[^;]+(; )?", "");
- # Remove any Google Analytics based cookies
- set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
- set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
- set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");
-
 # Remove a ";" prefix in the cookie if present
 set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");
From 8ab82dae3a05e1bf9023846d5dc40ebc6415e9fb Mon Sep 17 00:00:00 2001
From: Evan Kaufman
Date: Mon, 11 Nov 2013 12:17:03 -0600
Subject: [PATCH 4/8] Switch varnish from malloc to file caching backend
Fixes #53
---
 provisioning/roles/varnish/files/etc-default-varnish | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/provisioning/roles/varnish/files/etc-default-varnish b/provisioning/roles/varnish/files/etc-default-varnish
index e7b80ff..69523ec 100644
--- a/provisioning/roles/varnish/files/etc-default-varnish
+++ b/provisioning/roles/varnish/files/etc-default-varnish
@@ -38,7 +38,7 @@ VARNISH_STORAGE_SIZE=512M
 VARNISH_SECRET_FILE=/etc/varnish/secret
 # Backend storage specification
-VARNISH_STORAGE="malloc,${VARNISH_STORAGE_SIZE}"
+VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
 # Default TTL used when the backend does not specify one
 VARNISH_TTL=120
From fa968732248256eaf34d0742e59dcd0d597d2c48 Mon Sep 17 00:00:00 2001
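Review bot: In PATCH 4/8, `VARNISH_STORAGE` now expands `${VARNISH_STORAGE_FILE}`, but no assignment of that variable is visible in this hunk; only `VARNISH_STORAGE_SIZE` and `VARNISH_SECRET_FILE` appear. If it is unset the value becomes `file,,512M`, so confirm it is defined earlier in etc-default-varnish. Cached response bodies now live in a file on disk rather than in process memory, so I would add a comment beside the setting such as `# storage file holds cached responses; keep it on a path only the varnish user can read or write`.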
From: Evan Kaufman
Date: Mon, 18 Nov 2013 15:44:31 -0600
Subject: [PATCH 5/8] Removed cache bypass for local.* hostname
---
 .../varnish/files/etc-varnish/conf.d/receive/wordpress.vcl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl b/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl
index 08822b0..28abc3c 100644
--- a/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl
+++ b/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl
@@ -1,5 +1,5 @@
-# Pass all local or login/admin requests straight through
-if (req.http.Host ~ "^local\." || (req.url ~ "wp-(login|admin)")) {
+# Pass all login/admin requests straight through
+if (req.url ~ "wp-(login|admin)") {
 return (pass);
 }
From 99eb9ad8c2854a6229418c8cf24f0e9c521b7ab3 Mon Sep 17 00:00:00 2001
From: Evan Kaufman
Date: Fri, 22 Nov 2013 12:04:22 -0600
Subject: [PATCH 6/8] Remove caching for static files
---
 .../roles/varnish/files/etc-varnish/production.vcl | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/provisioning/roles/varnish/files/etc-varnish/production.vcl b/provisioning/roles/varnish/files/etc-varnish/production.vcl
index fb6b5d9..a0b2a7b 100644
--- a/provisioning/roles/varnish/files/etc-varnish/production.vcl
+++ b/provisioning/roles/varnish/files/etc-varnish/production.vcl
@@ -129,10 +129,10 @@ sub vcl_recv {
 # A valid discussion could be held on this line: do you really need to cache static files that don't cause load? Only if you have memory left.
 # Sure, there's disk I/O, but chances are your OS will already have these files in their buffers (thus memory).
 # Before you blindly enable this, have a read here: http://mattiasgeniar.be/2012/11/28/stop-caching-static-files/
- if (req.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|gz|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|xml|zip)(\?.*)?$") {
- unset req.http.Cookie;
- return (lookup);
- }
+ # if (req.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|gz|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|xml|zip)(\?.*)?$") {
+ # unset req.http.Cookie;
+ # return (lookup);
+ # }
 # Send Surrogate-Capability headers to announce ESI support to backend
 set req.http.Surrogate-Capability = "key=ESI/1.0";
@@ -226,9 +226,9 @@ sub vcl_fetch {
 # Enable cache for all static files
 # The same argument as the static caches from above: monitor your cache size, if you get data nuked out of it, consider giving up the static file cache.
 # Before you blindly enable this, have a read here: http://mattiasgeniar.be/2012/11/28/stop-caching-static-files/
- if (req.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|gz|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|xml|zip)(\?.*)?$") {
- unset beresp.http.set-cookie;
- }
+ # if (req.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|gz|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|xml|zip)(\?.*)?$") {
+ # unset beresp.http.set-cookie;
+ # }
 # Sometimes, a 301 or 302 redirect formed via Apache's mod_rewrite can mess with the HTTP port that is being passed along.
 # This often happens with simple rewrite rules in a scenario where Varnish runs on :80 and Apache on :8080 on the same box.
From 89cb1372245ac6a0e5c437fbf563a01f16548fe6 Mon Sep 17 00:00:00 2001
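Review bot: In PATCH 6/8 both static-file blocks (the `vcl_recv` hunk at 129 and the `vcl_fetch` hunk at 226) are disabled by commenting them out, which leaves the heading "Enable cache for all static files" describing code that no longer runs. With the `vcl_fetch` block off, `Set-Cookie` is no longer stripped from responses for these extensions, and with the `vcl_recv` block off those requests keep their cookies and fall through to later rules. Whether such responses can still be stored depends on parts of both subroutines outside these hunks, so that path should be checked. I would delete the dead code, or at least replace the heading with `# Static-file caching disabled (see link below); static requests follow the normal cookie/pass rules`.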
From: Evan Kaufman
Date: Sun, 24 Nov 2013 10:18:15 -0600
Subject: [PATCH 7/8] Pipe all requests for wp-login or wp-admin
This appears necessary for the web ui installs/updates to work. Should fix #30, and may fix #34 as well!
---
 .../varnish/files/etc-varnish/conf.d/receive/wordpress.vcl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl b/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl
index 28abc3c..4ee4ebb 100644
--- a/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl
+++ b/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl
@@ -1,6 +1,6 @@
 # Pass all login/admin requests straight through
 if (req.url ~ "wp-(login|admin)") {
- return (pass);
+ return (pipe);
 }
 # Pass all requests containing a wp- or wordpress_ cookie
From 7c8a68322434f5d95f1250b8c68bba53986ba32e Mon Sep 17 00:00:00 2001
From: Evan Kaufman
Date: Sun, 24 Nov 2013 11:54:29 -0600
Subject: [PATCH 8/8] Probably best to still pass wp-login requests, and only pipe wp-admin reqs
---
 .../files/etc-varnish/conf.d/receive/wordpress.vcl | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl b/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl
index 4ee4ebb..0769ad5 100644
--- a/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl
+++ b/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl
@@ -1,5 +1,9 @@
-# Pass all login/admin requests straight through
-if (req.url ~ "wp-(login|admin)") {
+# Pass all login requests straight through
+if (req.url ~ "wp-login") {
+ return (pass);
+}
+# Pipe all admin requests directly
+if (req.url ~ "wp-admin") {
 return (pipe);
 }
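Review bot: In PATCH 8/8 the tests `req.url ~ "wp-login"` and `req.url ~ "wp-admin"` are unanchored, so any URL that merely contains those strings, including in a query parameter, is passed or piped instead of looked up, and the client decides which. Restricting the match to the path portion, e.g. `if (req.url ~ "^[^?]*/wp-login\.php")` and `if (req.url ~ "^[^?]*/wp-admin(/|\?|$)")`, limits the bypass to the real endpoints. Because `pipe` hands the whole client connection to the backend, later requests on the same keep-alive connection are not evaluated by VCL unless `vcl_pipe` (not shown on this page) contains `set bereq.http.Connection = "close";`, so that should be confirmed. The same two points apply to PATCH 7/8's hunk on this line.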