我有以下vcl_deliver子程序:
sub vcl_deliver {
# Remove some HTTP-headers:
unset resp.http.Server;
unset resp.http.X-Varnish;
unset resp.http.Via;
unset resp.http.X-Cacheable;
unset resp.http.Age;
return (deliver);
}
现在奇怪的是,除了Server标头之外,所有其他 HTTP 标头都被删除了(我已经使用curl和 Google Chrome 进行了检查)。当我使用 进行调试时varnishlog -g raw,我得到了以下信息:
202443 RespProtocol c HTTP/1.1
202443 RespStatus c 200
202443 RespReason c OK
202443 RespHeader c Server: nginx
202443 RespHeader c Content-Type: text/html; charset=UTF-8
202443 RespHeader c Vary: Accept-Encoding
202443 RespHeader c Cache-Control: no-cache, private
202443 RespHeader c Date: Sun, 12 Aug 2018 14:19:11 GMT
202443 RespHeader c X-Frame-Options: SAMEORIGIN
202443 RespHeader c X-XSS-Protection: 1; mode=block
202443 RespHeader c X-Content-Type-Options: nosniff
202443 RespHeader c Content-Encoding: gzip
202443 RespHeader c X-Varnish: 202443 168601
202443 RespHeader c Age: 69910
202443 RespHeader c Via: 1.1 varnish (Varnish/5.0)
202443 VCL_call c DELIVER [7/171]
202443 RespUnset c Server: nginx
202443 RespUnset c X-Varnish: 202443 168601
202443 RespUnset c Via: 1.1 varnish (Varnish/5.0)
202443 RespUnset c Age: 69910
202443 VCL_return c deliver
202443 Timestamp c Process: 1534153462.090447 0.000147 0.000147
202443 RespUnset c Content-Encoding: gzip
202443 RespHeader c Accept-Ranges: bytes
202443 Debug c "RES_MODE 40"
202443 RespHeader c Connection: close
202443 Gzip c U D - 0 0 0 0 0
202443 Timestamp c Resp: 1534153462.090535 0.000235 0.000088
202443 ReqAcct c 229 0 229 302 0 302
202443 End c
202442 SessClose c REQ_CLOSE 0.000
202442 End c
正如我们所见(RespUnset Server: nginx)Varnish 正在尝试删除 HTTP标头 - 但为什么当我使用Google ChromeServer进行调试时它仍然出现?curl
答案1
您必须使用 Varnish 和 nginx“三明治”来实现 SSL 终止:
nginx(SSL)-> Varnish -> nginx
因此很自然地,在 Varnish 中删除Server标头后,nginx(SSL)仍然会发送它自己的标头。
解决办法是删除 nginx 中的服务器标头例如使用 headers-more nginx 模块:
more_clear_headers Server;