
我对 Varnish 有以下配置。但是当我访问应用程序时,它不会要求登录,而是直接以已登录状态进入。我做错了什么?

default.vcl

# Origin that Varnish fetches from: loopback, port 80 (the nginx server block
# shown further down the page listens on port 80).
backend default {
 .host = "127.0.0.1";
 .port = "80";
}


# Request routing (pre-4.0 VCL: req.request, return (lookup)). Decides per
# request whether to bypass the cache or look the object up.
sub vcl_recv { 
     # Bypass the cache for URLs containing "sign_in" or "sign_out" (unanchored
     # regex match on the whole URL) and for the methods POST, PUT and DELETE.
     if(req.url ~ "sign_in" || req.url ~ "sign_out" || req.request == "POST" || req.request == "PUT" || req.request == "DELETE") {
    return (pass);
    }
    # Everything else goes to cache lookup. Nothing here inspects Cookie or
    # Authorization, and because this sub always returns, Varnish's built-in
    # vcl_recv (which passes requests carrying those headers) is never reached.
    # NOTE(review): if the backend renders per-user pages on GET, a response
    # cached for one session can be served to any other client -- confirm
    # against the application before relying on this rule.
    return (lookup);
}

# Backend-response handling: strips Set-Cookie and forces a 360-minute TTL
# on the responses matched below.
sub vcl_fetch {
# Drops Set-Cookie on logout/sign_out responses, so a cookie-clearing header
# sent by the backend on those URLs never reaches the browser.
if(req.url ~ "logout" || req.url ~ "sign_out"){
    unset beresp.http.Set-Cookie;
}
# Applies to every GET, whatever the URL: Set-Cookie is removed and the TTL
# is set to 360m (6 hours), replacing the TTL Varnish derived from the
# backend's own caching headers.
# NOTE(review): together with the unconditional lookup in vcl_recv this can
# store a page rendered for a logged-in user and replay it to visitors who
# never authenticated -- consistent with the symptom described; confirm.
if (req.request == "GET") {
       unset beresp.http.Set-Cookie;
       set beresp.ttl = 360m;
}

# Static-looking paths (substring match) get the same 360m TTL for any method.
if (req.url ~ "images/" || req.url ~ "javascripts" || req.url ~ "stylesheets" || req.url ~ "assets"){
       set beresp.ttl = 360m;
}
}

/etc/default/varnish

# varnishd start-up options:
#   -a  address:port Varnish accepts client HTTP traffic on
#   -T  management (CLI) interface, bound to localhost here
#   -f  VCL file to load
#   -S  shared-secret file used to authenticate management connections
#   -s  cache storage backend: malloc, 256m
# NOTE(review): the -S secret file should be readable only by the accounts
# that administer Varnish -- its permissions are not shown on this page.
DAEMON_OPTS="-a 192.241.136.37:80 \
         -T localhost:6082 \
         -f /etc/varnish/default.vcl \
         -S /etc/varnish/secret \
         -s malloc,256m"

/etc/nginx/sites-enabled/default

 # Upstream group "app": a single server reached over a unix domain socket.
 # NOTE(review): the socket lives in /tmp, which is normally world-writable;
 # presumably only the app creates it -- verify ownership and permissions.
 upstream app {
  server unix:/tmp/unicorn.socket fail_timeout=0;
}

# nginx virtual host acting as the origin behind Varnish: serves static files
# from the app's public directory and proxies everything else to "app".
server {
# "listen 80" without an address binds all interfaces.
# NOTE(review): the Varnish backend definition on this page targets 127.0.0.1
# only; confirm whether the origin is meant to be reachable directly, which
# would bypass the cache layer.
listen 80;
# Accepts request bodies of up to 2G.
client_max_body_size 2G;
server_name localhost;
keepalive_timeout 5;
root /home/deploy/apps/wms/current/public;
# Access logging is disabled, so requests reaching the origin leave no record.
access_log  off;
# NOTE(review): error_log has no "off" value; nginx treats "off" as a file
# name and keeps writing errors to it. Confirm what was intended.
error_log off;

# Reject any method outside this allow-list with 405.
if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS)$ ){
    return 405;
}

# Assets under /assets/: serve pre-compressed .gz files when present and mark
# responses as publicly cacheable with the maximum expiry.
location ~ ^/(assets)/  {  
    gzip_static on;
    expires     max;
    add_header  Cache-Control public;
} 

# Try static candidates in order, then fall through to the app; error codes
# are mapped to static pages.
location / {
    try_files $uri/index.html $uri.html $uri @app;
    error_page 404              /404.html;
    error_page 422              /422.html;
    error_page 500 502 503 504  /500.html;
    error_page 403              /403.html;
}

# Named location: forward to the upstream group. No proxy_set_header
# directives are given, so nginx's default proxied headers apply.
location @app {
    proxy_pass http://app;
}

location = /favicon.ico {
    expires    max;
    add_header Cache-Control public;
}

# Refuse any request whose path ends in .php.
location ~ \.php$ {
    deny  all;
}

}

1 回答 1


您正在阻止后端删除会话 cookie,因此除非您明确删除浏览器的 cookie,否则您无法注销。

请看您的 vcl_fetch(见内联注释):

# Backend-response handling from the question, annotated.
sub vcl_fetch {
  # This prevents the server from deleting the cookie in the browser when logging out
  if(req.url ~ "logout" || req.url ~ "sign_out"){
    unset beresp.http.Set-Cookie;
  }
  # Every GET response, for any URL, loses its Set-Cookie header and gets a
  # 360m TTL, so the backend cannot set or clear a cookie on a GET.
  # NOTE(review): where a GET response is per-user, caching it this way can
  # replay one user's page to other clients -- confirm against the app.
  if (req.request == "GET") {
    unset beresp.http.Set-Cookie;
    set beresp.ttl = 360m;
  }
  # Static-looking paths (substring match) get the same 360m TTL.
  if (req.url ~ "images/" || req.url ~ "javascripts" || req.url ~ "stylesheets" || req.url ~ "assets"){
    set beresp.ttl = 360m;
  }
}

因此,除非是 POST 请求,否则您的后端无法删除客户端的 cookie。

恕我直言,除非您了解(并且充分测试过)可能的副作用,否则不应改动后端的 Set-Cookie 标头。

于 2013-08-28T19:57:20.950 回答