Example varnish config for Joomla and WordPress

This example has a webserver running on the same server on port 8080, this can easlily be changed by editing host ip and port vallues bellow.

The config does also not cache when logged in.
Cache will only store cache content for 5 minutes.

backend webserver {
.host = "127.0.0.1";
.port = "8080";
}
## Recieve
sub vcl_recv {
if (req.http.Accept-Encoding) {
if (req.http.Accept-Encoding ~ "gzip") {
# If the browser supports it, we'll use gzip.
set req.http.Accept-Encoding = "gzip";
}
else if (req.http.Accept-Encoding ~ "deflate") {
# Next, try deflate if it is supported.
set req.http.Accept-Encoding = "deflate";
}
else {
# Unknown algorithm. Remove it and send unencoded.
unset req.http.Accept-Encoding;
}
}
# Forward client's IP to backend
remove req.http.X-Forwarded-For;
set req.http.X-Forwarded-For = client.ip;
# Proxy (pass) any request that goes to the backend admin,
# the banner component links or any post requests
# You can add more pages or entire URL structure in the end of the "if"
if(req.http.cookie ~ "userID" || req.http.cookie ~ "wordpress_logged_in" || req.url ~ "^/administrator" || req.url ~ "^/component/banners" || req.request == "POST" || req.url ~ "wp-(login|admin)") {
return (pass);
}
# Check for the custom "x-logged-in" header to identify if the visitor is a guest,
# then unset any cookie (including session cookies) provided it's not a POST request
if(req.http.x-logged-in == "False" && req.request != "POST"){
unset req.http.cookie;
}
# Properly handle different encoding types
if (req.http.Accept-Encoding) {
if (req.url ~ "\.(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf)$") {
# No point in compressing these
remove req.http.Accept-Encoding;
} elsif (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
# unknown algorithm (aka crappy browser)
remove req.http.Accept-Encoding;
}
}
# Cache files with these extensions
if (req.url ~ "\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf)$") {
return (lookup);
}
# Set how long Varnish will cache content depending on whether your backend is healthy or not
if (req.backend.healthy) {
set req.grace = 5m;
} else {
set req.grace = 1h;
}
return (lookup);
}
## Fetch
sub vcl_fetch {
# Check for the custom "x-logged-in" header to identify if the visitor is a guest,
# then unset any cookie (including session cookies) provided it's not a POST request
if(req.request != "POST" && beresp.http.x-logged-in == "False") {
unset beresp.http.Set-Cookie;
}
# Allow items to be stale if needed (this value should be the same as with "set req.grace"
# inside the sub vcl_recv {.} block (the 2nd part of the if/else statement)
set beresp.grace = 1h;
# Serve pages from the cache should we get a sudden error and re-check in one minute
if (beresp.status == 503 || beresp.status == 502 || beresp.status == 501 || beresp.status == 500) {
set beresp.grace = 60s;
return (restart);
}
# Unset the "etag" header (suggested)
unset beresp.http.etag;
if(beresp.http.Cache-Control == "no-cache" || beresp.http.Cache-Control == ""){
set beresp.http.Cache-Control = "max-age=300, public, must-revalidate";
}
# Don't allow static files to set cookies.
if (req.url ~ "(?i)\.(png|gif|jpeg|jpg|ico|swf|css|js|html|htm)(\?[a-z0-9]+)?$") {
# beresp == Back-end response from the web server.
unset beresp.http.set-cookie;
}
# Allow items to be stale if needed.
set beresp.grace = 6h;
unset beresp.http.Server;
set beresp.http.Server = "StarGazer";
## Remove the X-Forwarded-For header if it exists.
remove req.http.X-Forwarded-For;
remove req.http.X-Content-Encoded-By;
## insert the client IP address as X-Forwarded-For. This is the normal IP address of the user.
set    req.http.X-Forwarded-For = req.http.rlnclientipaddr;
## Deliver the content
set beresp.ttl = 300s;
set beresp.http.LiveForSec = beresp.ttl;
return(deliver);
}
## Deliver
sub vcl_deliver {
## We'll be hiding some headers added by Varnish. We want to make sure people are not seeing we're using Varnish.
## Since we're not caching (yet), why bother telling people we use it?
remove resp.http.X-Varnish;
remove resp.http.Via;
remove resp.http.Age;
remove resp.http.Vary;
## We'd like to hide the X-Powered-By headers. Nobody has to know we can run PHP and have version xyz of it.
remove resp.http.X-Powered-By;
}