Caching is always a tricky thing and a good caching strategy always depends on the use cases of the website.
Of course there are tons of possible ways to cache a content on a website - I only want to look at the most promising cache levels:
The first thing to consider is, if your website looks different based on certain criterias. For example (from easy to hard to solve):
The best you can do is allow client side caching. In TYPO3 this is pretty easy, you just need to set:
The precondition is, that the page is cacheable (no user INT).
TYPO3 then sends proper Cache-Control Headers.The Expire time is depending on the settings in the page: You can control the expire time for all pages in the page properties (Cache expire). (Default is always one day or you set the default with config.cache_period ). Also you can set the expire to end at midnight with:
There are a lot of plugins, that are USER_INT. Some of them could be USER if done in a proper way:
Also its always a possible solution to let the client (browser) load the dynamic parts via ajax after dom ready. This is a nice solution - since the user immediately sees the website - and still has dynamic informations. This is for example the case for the login box used on the typo3.org relaunch.
If your page offers a login, and the page looks different after login you have problems with Cache-Control headers: When the urls to the pages stay the same, your browser might have a cached page and therefore will not ask for a new one that includes the changed content. So if you still want to use Cache-Headers, you have this possibilities
If you only have Cache-Headers, TYPO3 still needs to deliver the page for every new user. By adding another layer of cache even this can be avoided.
Fabrizio wrote a nice blog article on setting up Nginx + Varnish: www.fabrizio-branca.de/nginx-varnish-apache-magento-typo3.html
Cookies might be a problem. A typical Varnish configuration will not cache if the server sends cookies. And TYPO3 per default always sends cookies, because you need this for the login. There are several solutions:
If you dont use https for your frontend login, TYPO3 offers a way to still secure your login. This is done with the help of the extension "rsaauth" and can be activated by setting the securityLevel to "rsa". However this extension is not functional with client side caching - so please use https and deactivate rsa...
A recommended login configuration is:
$TYPO3_CONF_VARS['FE']['loginSecurityLevel'] = 'normal';
and have "saltedpasswd" installed and activated in extension settings.
(For the backend you should use lockSLL )
TYPO3 might still send PHPSESSION cookies - they can be dropped in varnish. ( see also Bug: forge.typo3.org/issues/29927 )
ESI is a technique from varnish to get dynamic content in a cached page. The extension moc_varnish has support for this (rewriting USER_INT to ESI Includes).
But in fact I think ESI don't has advantages:
AOE press releases
Distributed architectures for web applications (µService architectures) are in demand. However, without preventive measures, such systems are often more susceptible to (D)DoS attacks or overloads than monolithic dinosaurs. But why is this so? The following example quickly makes this clear.
AOE press releases
Many medium-sized retailers believe that cybercrime does not affect them because they are too small or too uninteresting. Yet the e-commerce industry is particularly attractive to criminals. IT security can thus quickly become a business issue that web platform operators in particular should have at the top of their agenda (article in German).