MAMP Htaccess password protection: "Authentication required" dialog being repeated - .htaccess

I'm running MAMP 3.2.2 on Windows 10, with Apache on port 8888. I'm trying to password protect the directory C:\MAMP\htdocs\admin\ by placing a .htaccess and a .htpasswd file inside it.
.htaccess is:
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile C:\MAMP\htdocs\admin\.htpasswd
Require valid-user
.htpasswd (user = test; password = test) is:
test:dGRkPurkuWmW2
I checked MAMP's Apache httpd.conf and it says, in line 202:
<Directory />
Options FollowSymLinks ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
And, in line 220:
<Directory "C:\MAMP\htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks ExecCGI
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
When trying to navigate to "http://localhost:8888/admin/index.php" I get the "Authentication Required" dialog, saying that "http://localhost:8888 is requesting your username and password". But, after entering username and password, the dialog keeps reappearing, instead of granting me access.
What am I missing?
Thank you in advance!

The password test:dGRkPurkuWmW2 is wrong. Check the log files (\mamp\apache\logs\error.log) to see the error messages, there should be something like this:
[Sat Dec 10 10:39:04.965830 2016] [auth_basic:error] [pid 2200:tid 1648] [client ::1:49487] AH01617: user test: authentication failure for "/protected/": Password Mismatch
Use this HTPasswd Generator form to generate a valid password, which in your case for user test and password test will be something like this, but it always produces something different:
test:$apr1$2pi0lu5b$Omg8StTZWO0m5lMfq/D8d.
Here is a screen capture with my working example using the password above:
UPDATE
Note that this algorithm works on Windows. The password you have in your code ($encryptedPassword = crypt($typedPassword, base64_encode($typedPassword));) works on Linux based systems and it is the default algorithm used by Apache 2.2.17 and older. From Apache 2.2.18, the default encryption method is based on MD5 and it can be used on both Windows and Linux based systems. You can read more about it here: How to generate passwords for .htpasswd using PHP.
PHP code with the function crypt_apr1_md5 to generate a .htpasswd password entry for APR1-MD5 encryption, compatible with Windows:
<?php
// APR1-MD5 encryption method (windows compatible)
function crypt_apr1_md5($plainpasswd)
{
    // 8-character salt (str_shuffle is not a cryptographically secure source)
    $salt = substr(str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"), 0, 8);
    $len = strlen($plainpasswd);
    $text = $plainpasswd.'$apr1$'.$salt;
    $bin = pack("H32", md5($plainpasswd.$salt.$plainpasswd));
    for($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); }
    // $plainpasswd[0] replaces the {0} offset syntax, which PHP 8 no longer accepts
    for($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $plainpasswd[0]; }
    $bin = pack("H32", md5($text));
    // 1000 rounds of MD5 stretching
    for($i = 0; $i < 1000; $i++)
    {
        $new = ($i & 1) ? $plainpasswd : $bin;
        if ($i % 3) $new .= $salt;
        if ($i % 7) $new .= $plainpasswd;
        $new .= ($i & 1) ? $bin : $plainpasswd;
        $bin = pack("H32", md5($new));
    }
    // Reorder the digest bytes before the custom base64 encoding
    $tmp = '';
    for ($i = 0; $i < 5; $i++)
    {
        $k = $i + 6;
        $j = $i + 12;
        if ($j == 16) $j = 5;
        $tmp = $bin[$i].$bin[$k].$bin[$j].$tmp;
    }
    $tmp = chr(0).chr(0).$bin[11].$tmp;
    $tmp = strtr(strrev(substr(base64_encode($tmp), 2)),
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
    return "$"."apr1"."$".$salt."$".$tmp;
}
// Password to be used for the user
$username = 'test';
$password = 'test';
// Encrypt password
$encrypted_password = crypt_apr1_md5($password);
// Print line to be added to .htpasswd file
echo $username . ':' . $encrypted_password;
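An added example (not part of the original answer): a small Python audit of a .htpasswd file that flags entries depending on the platform's crypt(3), like the 13-character one in the question, and recomputes APR1-MD5 with the same steps as the PHP function above. The function names and the sample file are assumptions made for this illustration; the myName/myPassword line is the MD5 example from the Apache httpd password-formats documentation.

```python
import hashlib
import hmac
import re

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, length):
    """Encode `length` 6-bit groups of value, least significant group first."""
    out = ""
    for _ in range(length):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out

def apr1_md5(password, salt):
    """Return the $apr1$ hash field httpd stores for this password and salt."""
    pw, sl = password.encode(), salt[:8].encode()
    alt = hashlib.md5(pw + sl + pw).digest()
    ctx = pw + b"$apr1$" + sl
    for n in range(len(pw), 0, -16):
        ctx += alt[:min(16, n)]
    n = len(pw)
    while n:
        ctx += b"\0" if n & 1 else pw[:1]
        n >>= 1
    final = hashlib.md5(ctx).digest()
    for i in range(1000):  # fixed 1000-round stretch
        block = pw if i & 1 else final
        if i % 3:
            block += sl
        if i % 7:
            block += pw
        block += final if i & 1 else pw
        final = hashlib.md5(block).digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64(final[a] << 16 | final[b] << 8 | final[c], 4)
    return "$apr1$" + sl.decode() + "$" + out + _to64(final[11], 2)

def classify(hash_field):
    """Return (scheme, needs_crypt3); httpd on Windows cannot check crypt(3) entries."""
    if hash_field.startswith("$apr1$"):
        return "apr1-md5", False
    if re.match(r"\$2[aby]\$", hash_field):
        return "bcrypt", False
    if hash_field.startswith("{SHA}"):
        return "sha1", False
    if re.fullmatch(r"[./0-9A-Za-z]{13}", hash_field):
        return "crypt-des", True
    return "unrecognised", False

def verify_apr1(hash_field, password):
    """Constant-time check of a password against an $apr1$ hash field."""
    parts = hash_field.split("$")  # ['', 'apr1', salt, digest]
    if len(parts) != 4 or parts[1] != "apr1":
        return False
    candidate = apr1_md5(password, parts[2])
    return hmac.compare_digest(candidate.encode(), hash_field.encode())

def audit(htpasswd_text):
    """Return (user, scheme, needs_crypt3) for every user:hash line."""
    report = []
    for line in htpasswd_text.splitlines():
        user, sep, hash_field = line.strip().partition(":")
        if sep and not user.startswith("#"):
            report.append((user, *classify(hash_field)))
    return report

# Constructed sample file: the two entries quoted on this page plus the
# myName/myPassword MD5 example from the Apache httpd documentation.
SAMPLE = (
    "test:dGRkPurkuWmW2\n"
    "test:$apr1$2pi0lu5b$Omg8StTZWO0m5lMfq/D8d.\n"
    "myName:$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/\n"
)

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Any row with needs_crypt3 set to True is an entry to regenerate in a portable format before deploying the file to Apache on Windows.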

Related

.htaccess to secure admin directory in mvc architecture

I am trying to make a site with mvc structure. I have this :
www/
blog/
app/
admin/
controller/
model/
view/
config/
front/
controller/
model/
view/
assets/
images/
libs/
portfolio /
I have a first .htaccess at the root (www/) for Gzip compression and stuff.
I have a second .htaccess for my blog (in www/blog/) with my very basic redirection system :
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
# QSA keeps the GET parameters and appends them to the rewritten URL
RewriteRule (.*) index.php?p=$1 [QSA]
The file index.php in www/blog/ parses the url and uses the right controllers like this :
//****************************************************
include_once(APP_f.'controller/controller.class.php');
$controlF = new ControleurF();
include_once(APP_b.'controleur/controleur.class.php');
$controlB = new ControleurB();
if (isset($_GET['p'])&&(substr($_GET['p'],0,4)== 'admin')) {
    // we are in the admin area
    $lapage=explode('/',$_GET['p']);
    if (!empty($lapage[1])) {$pp = $lapage[1];} else {$pp="index";}
    if (!isset($pp) OR $pp == 'index')
    {
        $ctrl = "home"; $p = $ctrl;
    } else {
        $params = explode('/',$pp);
        $ctrl = $params[0]; $p = $ctrl;
        if (isset($params[1])) {
            if ($params[1]<>"") {$p = $params[1];}
        }
    }
    $c=$controlB->load($ctrl);
    include_once($c);
}else{
    // we are on the front end
    if (!isset($_GET['p']) OR $_GET['p'] == 'index')
    {
        $ctrl = "home"; $p = $ctrl;
    } else {
        $params = explode('/',$_GET['p']);
        $ctrl = $params[0]; $p = $ctrl;
        if (isset($params[1])) {
            if ($params[1]<>"") {$p = $params[1];}
        }
    }
    $c=$controlF->load($ctrl);
    include_once($c);
}
//****************************************************
Everything works fine but I am having trouble understanding how I could secure my admin folder with .htaccess/.htpasswd
Is there a way to do something like that in www/blog/.htaccess :
<Directory admin>
AuthUserFile "/home/foobar/www/blog/.htpasswd"
AuthGroupFile /dev/null
AuthName "Admin"
AuthType Basic
Require valid-user
</Directory>
The Directory directive can only be used in server configuration or virtual host files. It cannot be used in htaccess files. It is described in Apache Directory Directive.
To password protect a directory using htaccess, you have to enter the following in .htaccess file:
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile "/usr/local/apache/passwd/passwords"
Require user rbowen
The above commands will password protect the folder containing the htaccess file. The command: htpasswd -c /usr/local/apache/passwd/passwords rbowen generates a password for the user rbowen. It is described in Apache Authentication and Authorization
I found a way: use sessions with PHP
http://www.apprendre-php.com/tutoriels/tutoriel-14-les-sessions.html

CHECK_GEARMAN CRITICAL - function 'BulkEmail' is not registered in the server

I am using the nagios to monitor gearman and getting error "CRITICAL - function 'xxx' is not registered in the server"
Script that nagios execute to check the gearman is like
#!/usr/bin/env perl
# taken from: gearmand-0.24/libgearman-server/server.c:974
# function->function_name, function->job_total,
# function->job_running, function->worker_count);
#
# this code give following result with gearadmin --status
#
# FunctionName job_total job_running worker_count
# AdsUpdateCountersFunction 0 0 4
use strict;
use warnings;
use Nagios::Plugin;
my $VERSION="0.2.1";
my $np;
$np = Nagios::Plugin->new(usage => "Usage: %s -f|--flist <func1[:threshold1],..,funcN[:thresholdN]> [--host|-H <host>] [--port|-p <port>] [ -c|--critworkers=<threshold> ] [ -w|--warnworkers=<threshold>] [-?|--usage] [-V|--version] [-h|--help] [-v|--verbose] [-t|--timeout=<timeout>]",
version => $VERSION,
blurb => 'This plugin checks a gearman job server, expecting that every function in function-list arg is registered by at least one worker, and expecting that job_total is not too much high.',
license => "Brought to you AS IS, WITHOUT WARRANTY, under GPL. (C) Remi Paulmier <remi.paulmier\@gmail.com>",
shortname => "CHECK_GEARMAN",
);
$np->add_arg(spec => 'flist|f=s',
help => q(Check for the functions listed in STRING, separated by comma. If optional threshold is given (separated by :), check that waiting jobs for this particular function are not exceeding that value),
required => 1,
);
$np->add_arg(spec => 'host|H=s',
help => q(Check the host indicated in STRING),
required => 0,
default => 'localhost',
);
$np->add_arg(spec => 'port|p=i',
help => q(Use the TCP port indicated in INTEGER),
required => 0,
default => 4730,
);
$np->add_arg(spec => 'critworkers|c=i',
help => q(Exit with CRITICAL status if fewer than INTEGER workers have registered a particular function),
required => 0,
default => 1,
);
$np->add_arg(spec => 'warnworkers|w=i',
help => q(Exit with WARNING status if fewer than INTEGER workers have registered a particular function),
required => 0,
default => 4,
);
$np->getopts;
my $ng = $np->opts;
# manage timeout
alarm $ng->timeout;
my $runtime = {'status' => OK,
'message' => "Everything OK",
};
# host & port
my $host = $ng->get('host');
my $port = $ng->get('port');
# verbosity
my $verbose = $ng->get('verbose');
# look for gearadmin, use nc if not found
my @paths = grep { -x "$_/gearadmin" } split /:/, $ENV{PATH};
my $cmd = "gearadmin --status -h $host -p $port";
if (@paths == 0) {
print STDERR "gearadmin not found, using nc\n" if ($verbose != 0);
# $cmd = "echo status | nc -w 1 $host $port";
$cmd = "echo status | nc -i 1 -w 1 $host $port";
}
foreach (`$cmd 2>/dev/null | grep -v '^\\.'`) {
chomp;
my ($fname, $job_total, $job_running, $worker_count) =
split /[[:space:]]+/;
$runtime->{'funcs'}{"$fname"} = {job_total => $job_total,
job_running => $job_running,
worker_count => $worker_count };
# print "$fname : $runtime->{'funcs'}{\"$fname\"}{'worker_count'}\n";
}
# get function list
my @flist = split /,/, $ng->get('flist');
foreach (@flist) {
my ($fname, $fthreshold);
if (/\:/) {
($fname, $fthreshold) = split /:/;
} else {
($fname, $fthreshold) = ($_, -1);
}
# print "defined for $fname: $runtime->{'funcs'}{\"$fname\"}{'worker_count'}\n";
# if (defined($runtime->{'funcs'}{"$fname"})) {
# print "$fname is defined\n";
# } else {
# print "$fname is NOT defined\n";
# }
if (!defined($runtime->{'funcs'}{"$fname"}) &&
$runtime->{'status'} <= CRITICAL) {
($runtime->{'status'}, $runtime->{'message'}) =
(CRITICAL, "function '$fname' is not registered in the server");
} else {
if ($runtime->{'funcs'}{"$fname"}{'worker_count'} <
$ng->get('critworkers') && $runtime->{'status'} <= CRITICAL) {
($runtime->{'status'}, $runtime->{'message'}) =
(CRITICAL,
"less than " .$ng->get('critworkers').
" workers were found having function '$fname' registered.");
}
if ($runtime->{'funcs'}{"$fname"}{'worker_count'} <
$ng->get('warnworkers') && $runtime->{'status'} <= WARNING) {
($runtime->{'status'}, $runtime->{'message'}) =
(WARNING,
"less than " .$ng->get('warnworkers').
" workers were found having function '$fname' registered.");
}
if ($runtime->{'funcs'}{"$fname"}{'job_total'} > $fthreshold
&& $fthreshold != -1 && $runtime->{'status'}<=WARNING) {
($runtime->{'status'}, $runtime->{'message'}) =
(WARNING,
$runtime->{'funcs'}{"$fname"}{'job_total'}.
" jobs for $fname exceeds threshold $fthreshold");
}
}
}
$np->nagios_exit($runtime->{'status'}, $runtime->{'message'});
When the script is executed simply by command line it says "everything ok"
But in nagios it shows error "CRITICAL - function 'xxx' is not registered in the server"
Thanks in advance
After spending a long time on this, I finally got the answer. All you have to do is:
yum install nc
nc is what was missing from the system.
With Regards,
Bankat Vikhe
Not easy to say but it could be related to your script not being executable as embedded Perl.
Try with # nagios: -epn at the beginning of the script.
#!/usr/bin/env perl
# nagios: -epn
use strict;
use warnings;
Be sure to check all the hints in the Perl Plugins section of the Nagios Plugin Development Guidelines

Sending mail with Symfony (SwiftMail & Gmail)

I'm trying to use Swiftmailer with Symfony 2.4.
Here is my config.yml :
# This file is auto-generated during the composer install
parameters:
    mailer_transport: gmail
    mailer_host: smtp.gmail.com
    mailer_user: jules.truong.pro@gmail.com
    mailer_password: XXXXXX
    mailer_port: 465
    locale: fr
    secret: XXXX
And this is parameters.yml
# Swiftmailer Configuration
swiftmailer:
    transport: %mailer_transport%
    username: %mailer_user%
    password: %mailer_password%
My code is pretty basic :
$request = $this->get('request');
$dataSubject = $request->query->get('lbSubject');
$dataEmail = $request->query->get('lbEmail');
$dataMessage = $request->query->get('lbMessage');
// Get the mailer service
$mailer = $this->get('mailer');

// Build the e-mail: the mailer service uses SwiftMailer, so we create a Swift_Message instance
$message = \Swift_Message::newInstance()
    ->setSubject($dataSubject)
    ->setFrom($dataEmail)
    ->setTo('julestruonglolilol@email.com')
    ->setBody($dataMessage);

try
{
    if (!$mailer->send($message, $failures))
    {
        // $failures is an array of rejected addresses, so join it before concatenating
        return new Response('Erreur' . implode(', ', (array) $failures), 400);
    }
    return new Response('OK', 200);
}
catch(Exception $e)
{
    // $failures may still be empty here if send() threw before filling it
    return new Response('Erreur' . implode(', ', (array) $failures), 400);
}
At the end, it returns an error
Connection could not be established with host smtp.gmail.com
This is pretty offensive because I know my password.
After a few minutes, I receive an email that tells me that someone tried to hack my account etc ...
Oh and I'm running this with Wamp, so in local.
Is this my code that has a problem or Google maybe ?
Thanks
Try adding the following to your swiftmail configuration as GMail requires encryption/ssl connection
encryption: ssl

Perl for SNMP V3 Not Working, but works with SNMP V1/2 (Redhat Linux)

I have a Perl Script, which registers SNMP OIDs. With SNMP 1/2c, it is able to successfully register all OIDs. However, with SNMP V3, it only partially works.
As you see below, with SNMP V3, it is able to register "$root_OID.0.0.0" successfully. However, it timeouts when trying to invoke the java code for "$root_OID.0.0.1".
Does anyone know, why I'm able to make a successful java call in SNMP V1/2c, but not SNMP V3?
Many Thanks
Here is my Perl script:
#!/usr/bin/perl
use NetSNMP::OID (':all');
use NetSNMP::ASN qw(ASN_OCTET_STR ASN_INTEGER);
use NetSNMP::agent (':all');
sub myhandler {
my ($handler, $registration_info, $request_info, $requests) = @_;
my $request;
my $root_OID = ".1.3.6.1.4.1.8072.9999.9999.0";
my $CLASSPATH = "/opt/BPL/JBoss/BPL_JBossJMX.jar:/opt/jboss-5.1/client/*";
my $CLASSNAME = "com.XXXXX.XXXXX.XXXXX.jmx.BPLJbossJMX_For_SNMP";
my $ENV = "localhost";
my $PORT = "8099";
my $LOG4JFILELOC = "/opt/BPL/JBoss/JBoss-BPL-Log4j.xml";
for($request = $requests; $request; $request = $request->next()) {
my $oid = $request->getOID();
if ($request_info->getMode() == MODE_GETNEXT) {
if ($oid < new NetSNMP::OID("$root_OID.0.0.0")) {
my $INPUTSTRNAME = "HeapMemoryUsageZZZZZ";
$request->setOID("$root_OID.0.0.0");
$request->setValue(ASN_OCTET_STR, $INPUTSTRNAME);
} elsif ($oid < new NetSNMP::OID("$root_OID.0.0.1")) {
my $INPUTSTRNAME = "HeapMemoryUsage";
my $OUTPUT= `java -cp $CLASSPATH $CLASSNAME $ENV $PORT $INPUTSTRNAME $LOG4JFILELOC`;
chomp($OUTPUT);
$request->setOID("$root_OID.0.0.1");
$request->setValue(ASN_INTEGER, $OUTPUT);
}
}
}
}
my $rootOID = ".1.3.6.1.4.1.8072.9999.9999.0";
my $regoid = new NetSNMP::OID($rootOID);
$agent->register("BPL-JBoss", $regoid, \&myhandler);
Here is my /etc/snmp/snmpd.conf file (SNMP V1/2c disabled):
###############################################################################
# snmpd.conf:
###############################################################################
#com2sec notConfigUser default public
# groupName securityModel securityName
#group notConfigGroup v1 notConfigUser
#group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.4.1.8072.1.3.2
view systemview included .1.3.6.1.2.1
view systemview included .1.3.6.1.2.1.25.1.1
view systemview included .1.3.6.1.4.1.2021
view systemview included .1.3.6.1.4.1.8072.9999.9999
#access notConfigGroup "" any noauth exact systemview none none
###############################################################################
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
###############################################################################
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat
###############################################################################
perl do "/home/XXXXXXX/JBoss_hello_world.pl"
rouser TEST_USERNAME priv
Here is the results of my SNMPWALK, when using SNMPV3.
-$snmpwalk -v 3 -l authPriv -a sha -A TEST_PASSWORD -x AES -X TEST_PASSWORD -u TEST_USERNAME localhost .1.3.6.1.4.1.8072.9999.9999
NET-SNMP-MIB::netSnmpPlaypen.0.0.0.0 = STRING: "HeapMemoryUsageZZZZZ"
Timeout: No Response from localhost

Setting up varnish on same server as webserver

Our company recently decided to start working with the Varnish HTTP accelerator. Most important why we chose this solution was because we are a company that specializes in building web shops (Magento Enterprise) => Magento has a commercial plugin that works together with varnish.
The varnish configuration is already present on our testing environment, which contains 1 (software) load balancer running a varnish instance, 2 apache webservers and 1 storage + 1 mysql server.
However now the time has come to add the Varnish to our development environment (virtualbox with 1GB of ram running debian which has the database, webserver, files running all on the same machine)
Could anyone post a default.vcl configuration file for this setup?
Apache2 runs on port 80.
Thanks in advance,
Kenny
EDIT: I found and posted the solution below.
This link has an excellent discussion of using Varnish on big production Web sites. In particular, look at the /etc/default/varnish or /etc/sysconfig/varnish DAEMON OPTS that put the cache 'file' into memory, instead of disk:
http://www.lullabot.com/articles/varnish-multiple-web-servers-drupal
The snippet I'm talking about:
DAEMON_OPTS="-a :80,:443 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-u varnish -g varnish \
-S /etc/varnish/secret \
-p thread_pool_add_delay=2 \
-p thread_pools=2 \
-p thread_pool_min=400 \
-p thread_pool_max=4000 \
-p session_linger=50 \
-p sess_workspace=262144 \
-s malloc,3G"
I found the solution after more searching. Basically we need to make sure that varnish is listening on port 80 and apache on port 8080 (or anything else!).
Here is my default.vcl file (located in /etc/varnish/default.vcl):
# default backend definition. Set this to point to your content server.
backend apache1 {
.host = "127.0.0.1";
.port = "8080";
}
director lb round-robin {
{.backend=apache1;}
}
# add your Magento server IP to allow purges from the backend
acl purge {
"localhost";
"127.0.0.1";
}
# needed for TTL handling
C{
#include <errno.h>
#include <limits.h>
}C
sub vcl_recv {
set req.backend=lb;
if (req.request != "GET" &&
req.request != "HEAD" &&
req.request != "PUT" &&
req.request != "POST" &&
req.request != "TRACE" &&
req.request != "OPTIONS" &&
req.request != "DELETE" &&
req.request != "PURGE") {
/* Non-RFC2616 or CONNECT which is weird. */
return (pipe);
}
# purge request
if (req.request == "PURGE") {
if (!client.ip ~ purge) {
error 405 "Not allowed.";
}
purge("obj.http.X-Purge-Host ~ " req.http.X-Purge-Host " && obj.http.X-Purge-URL ~ " req.http.X-Purge-Regex " && obj.http.Content-Type ~ " req.http.X-Purge-Content-Type);
error 200 "Purged.";
}
# we only deal with GET and HEAD by default
if (req.request != "GET" && req.request != "HEAD") {
return (pass);
}
# static files are always cacheable. remove SSL flag and cookie
if (req.url ~ "^/(media|js|skin)/.*\.(png|jpg|jpeg|gif|css|js|swf|ico)$") {
unset req.http.Https;
unset req.http.Cookie;
}
# not cacheable by default
if (req.http.Authorization || req.http.Https) {
return (pass);
}
# do not cache any page from
# - index files
# - ...
if (req.url ~ "^/(index)") {
return (pass);
}
# as soon as we have a NO_CACHE or admin cookie pass request
if (req.http.cookie ~ "(NO_CACHE|adminhtml)=") {
return (pass);
}
# normalize Accept-Encoding header
# http://varnish.projects.linpro.no/wiki/FAQ/Compression
if (req.http.Accept-Encoding) {
if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv)$") {
# No point in compressing these
remove req.http.Accept-Encoding;
} elsif (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
set req.http.Accept-Encoding = "deflate";
} else {
# unknown algorithm
remove req.http.Accept-Encoding;
}
}
# remove Google gclid parameters
set req.url = regsuball(req.url,"\?gclid=[^&]+$",""); # strips when QS = "?gclid=AAA"
set req.url = regsuball(req.url,"\?gclid=[^&]+&","?"); # strips when QS = "?gclid=AAA&foo=bar"
set req.url = regsuball(req.url,"&gclid=[^&]+",""); # strips when QS = "?foo=bar&gclid=AAA" or QS = "?foo=bar&gclid=AAA&bar=baz"
# decided to cache. remove cookie
#unset req.http.Cookie;
return (lookup);
}
Here's the content of the varnish file (/etc/default/varnish):
# Configuration file for varnish
#
# /etc/init.d/varnish expects the variables $DAEMON_OPTS, $NFILES and $MEMLOCK
# to be set from this shell script fragment.
#
# Should we start varnishd at boot? Set to "yes" to enable.
START=yes
# Maximum number of open files (for ulimit -n)
NFILES=131072
# Maximum locked memory size (for ulimit -l)
# Used for locking the shared memory log in memory. If you increase log size,
# you need to increase this number as well
MEMLOCK=82000
# Default varnish instance name is the local nodename. Can be overridden with
# the -n switch, to have more instances on a single server.
INSTANCE=$(uname -n)
# This file contains 4 alternatives, please use only one.
## Alternative 1, Minimal configuration, no VCL
#
# Listen on port 6081, administration on localhost:6082, and forward to
# content server on localhost:8080. Use a 1GB fixed-size cache file.
#
# DAEMON_OPTS="-a :6081 \
# -T localhost:6082 \
# -b localhost:8080 \
# -u varnish -g varnish \
# -S /etc/varnish/secret \
# -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
## Alternative 2, Configuration with VCL
#
# Listen on port 6081, administration on localhost:6082, and forward to
# one content server selected by the vcl file, based on the request. Use a 1GB
# fixed-size cache file.
#
DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"
## Alternative 3, Advanced configuration
#
# See varnishd(1) for more information.
#
# # Main configuration file. You probably want to change it :)
# VARNISH_VCL_CONF=/etc/varnish/default.vcl
#
# # Default address and port to bind to
# # Blank address means all IPv4 and IPv6 interfaces, otherwise specify
# # a host name, an IPv4 dotted quad, or an IPv6 address in brackets.
# VARNISH_LISTEN_ADDRESS=
# VARNISH_LISTEN_PORT=6081
#
# # Telnet admin interface listen address and port
# VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
# VARNISH_ADMIN_LISTEN_PORT=6082
#
# # The minimum number of worker threads to start
# VARNISH_MIN_THREADS=1
#
# # The Maximum number of worker threads to start
# VARNISH_MAX_THREADS=1000
#
# # Idle timeout for worker threads
# VARNISH_THREAD_TIMEOUT=120
#
# # Cache file location
# VARNISH_STORAGE_FILE=/var/lib/varnish/$INSTANCE/varnish_storage.bin
#
# # Cache file size: in bytes, optionally using k / M / G / T suffix,
# # or in percentage of available disk space using the % suffix.
# VARNISH_STORAGE_SIZE=1G
#
# # File containing administration secret
# VARNISH_SECRET_FILE=/etc/varnish/secret
#
# # Backend storage specification
# VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
#
# # Default TTL used when the backend does not specify one
# VARNISH_TTL=120
#
# # DAEMON_OPTS is used by the init script. If you add or remove options, make
# # sure you update this section, too.
# DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
# -f ${VARNISH_VCL_CONF} \
# -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
# -t ${VARNISH_TTL} \
# -w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
# -S ${VARNISH_SECRET_FILE} \
# -s ${VARNISH_STORAGE}"
#
## Alternative 4, Do It Yourself
#
# DAEMON_OPTS=""
After that you can monitor how varnish serves the content (from what source) by typing
varnishlog | grep URL
Apache can be used to SSL terminate (decrypt), check http://noosfero.org/Development/Varnish#SSL
