Installing Varnish as per the Varnish Book? - varnish

I have a vanilla Debian DigitalOcean machine and I'm trying to follow the 'developer' course in the Varnish Book. I've got to the first exercise, Installation.
I've installed Apache and got it running on port 8080 (if I go to http://my.ip.xxx.xxx:8080 I see the Apache2 Debian default page). I've also installed Varnish, so steps 1-3 are fine.
Now I'm trying to follow steps 4 and 5. I've edited /etc/default/varnish as follows:
DAEMON_OPTS="-a :80 \
-T localhost:1234 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"
And I've edited /etc/varnish/default.vcl as follows:
backend default {
.host = "localhost";
.port = "8080";
}
Then I've run service varnish start, which produces no errors.
But if I go to http://my.ip.xxx.xxx (i.e. with no port number) I just see nothing.
What am I doing wrong?
If I run netstat -ntlp as suggested in the book, I see Varnish on ports 6081 and 6082, and Apache on port 8080, but nothing on port 80.

Old question but had this problem myself. In my case I had to edit /lib/systemd/system/varnishncsa.service as SystemD was taking over the legacy InitD.
[Service]
ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:1234 -f /etc/varnish/abadcer.vcl -S /etc/varnish/secret -s malloc,256m
Then you commit the changes and restart Varnish
sudo systemctl daemon-reload
sudo service varnish restart

Related

Varnish +nginx + ISPConfig

Can't configure Varnish. Please, help!
(I only found a German thread here)
I've set up Nginx 1.10, Varnish 4.1.1, ISPconfig.
/etc/default/varnish
DAEMON_OPTS="-a :6081 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,512m"
/etc/varnish/default.vcl
backend default {
.host = "127.0.0.1";
.port = "81";
}
acl purge {
"localhost";
"127.0.0.1";
}
Nginx virtual host /etc/nginx/sites-available/MyDomain.com.vhost
server {
listen *:81;
...
and when I visit MyDomain.com it shows me content from my server IP address
/var/www/html/index.html instead of /var/www/MyDomain.com/web/index.html
What's wrong?
I don't know what to look at first. How do I debug this?
Your Varnish listens on :6081 and forwards all requests to 127.0.0.1:81.
Your nginx listens on *:81.
You should request MyDomain.com on port 6081.
If you request MyDomain.com on port 80 you are redirected to the default nginx page.
If you want to make sure, I would suggest running varnishlog, which will tell you what's passing through Varnish in real time.

Linux Varnish Cache Server - Guru Meditation 503

I have a Magento website on a Linux server (Varnish cache), and some of the product detail pages show this error:
Error 503 Backend fetch failed Guru Meditation: XID: 98757
My website IP is 52.163.xxx.xx
Please find the below details and help me to fix this issue.
/etc/default/varnish
DAEMON_OPTS="-a :8080 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"
/etc/varnish/default.vcl
backend default{
.host = "127.0.0.1";
.port = "8080";
}
sudo service varnish restart
Stopping HTTP accelerator varnishd No /usr/sbin/varnishd found running; none killed.
[fail]
Starting HTTP accelerator varnishd [fail]
bind(): Address already in use
bind(): Address already in use
Error: Failed to open (any) accept sockets.
As I understand it, you are running varnish and backend webserver (say nginx or apache) on the very same linux machine, right?
First of all, try to run this command:
sudo netstat -anp | grep LISTEN | grep 8080
And see what process is bound on port 8080 and on which ip.
The first part of your question suggests Varnish is running, just not able to connect to the backend.
But the second part tells me you are not able to start varnish.
So please make it clear and perhaps attach output from the command above.
Let's continue with second part, i.e. varnish not able to start.
I guess you have backend server running on 8080, be it nginx, apache, whatever.
Your varnish backend config confirms it after all.
Check that the web server is bound to 127.0.0.1 and not to 0.0.0.0, so that public traffic cannot connect directly to the backend web server.
If this is the case, you have to change the listening ip:port of Varnish to a non-colliding combination.
You can either:
change the port to something other than 8080, let's say 80
change port of backend web server to something else if you need 8080 to be public
double check your backend web server is listening on localhost only and bind varnish to your public ip instead of 0.0.0.0 (default, means all machine's ips)
You can do the last option by changing main varnish configuration to:
DAEMON_OPTS="-a 52.163.xxx.xx:8080 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"
This scenario has one important drawback. If you somehow get a new public IP, you have to change it in the main Varnish configuration too. If this is something you can encode into an automation recipe, it shouldn't be a problem. But if you manage it by hand, be sure you have really good documentation practice or you'll be hunting ghost bugs in the future. :)
One mistake is having both Varnish and your backend server running on the same port 8080. You have 2 options to solve this:
Most straightforward and simple. Adjust Varnish DAEMON_OPTS to listen on port 80.
It may still work on the same ports, provided that you make Varnish and your backend server listen on different interfaces:
Varnish would normally listen on external interface. Thus, adjust your Varnish listen parameter to be bound to specific IP: DAEMON_OPTS="-a 52.163.xxx.xx:8080 ...
Bind your backend server (Apache, Nginx, whatever) to listen only on the loopback interface, 127.0.0.1.
Your VCL is "empty"; you should be using the corresponding plugin for Magento, which will ensure that Varnish caches things by generating the correct VCL file for you:
Magento 1.x: Turpentine plugin
Magento 2.x: .. is able to generate VCL from admin backend of your Magento installation.
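Added example, not part of either answer above: both answers turn on which address each service is bound to, so this shell function reads `netstat -ntl` style output and flags ports meant to stay internal (the backend on 8080, the Varnish -T admin port, Docker's 2375) when they listen on a wildcard or other non-loopback address. The function names, the port list and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Flag listeners on ports that should only be reachable from localhost.
# Reads `netstat -ntl` / `netstat -ntlp` output on stdin.
# $1: space-separated list of ports that must be loopback-only (an assumption
#     you adapt to your own layout).
audit_listeners() {
    awk -v ports="$1" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) internal[p[i]] = 1
        }
        $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)   # text before it ("::" for :::2375)
            if (!(port in internal)) next
            prog = ($7 == "" ? "-" : $7)           # PID/program is empty without -p
            if (host == "0.0.0.0" || host == "::" || host == "*")
                print "EXPOSED " port " " host " " prog
            else if (host !~ /^127\./ && host != "::1")
                print "NONLOOPBACK " port " " host " " prog
        }'
}

# Constructed sample output (not taken from the page): Varnish on :80,
# a backend bound to every interface, a loopback-only admin port, Docker on TCP.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      901/varnishd
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      812/apache2
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      901/varnishd
tcp6       0      0 :::2375                 :::*                    LISTEN      640/dockerd
EOF
}

sample_netstat | audit_listeners "8080 6082 2375"
```

On a live host, replace `sample_netstat` with `sudo netstat -ntlp`; port 80 is not in the list, so the public Varnish listener is not reported.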

Apache and Varnish http/https

I use apache2 and varnish on a Debian server, but I have 2 websites: one uses port 80 and the other 443, and I have no idea how to use this with Varnish.
How can I use port 80 and 443 with Varnish?
Thank you
/etc/default/varnish
DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"
/etc/varnish/default.vcl
backend default {
.host = "127.0.0.1";
.port = "8080";
}
and apache2
NameVirtualHost 127.0.0.1:8080
Listen 127.0.0.1:8080
<VirtualHost 127.0.0.1:8080>
The "recommended" TLS termination companion to Varnish would be Hitch, which is from the same developers. It runs as an independent process and uses the HAProxy PROXY protocol to communicate with Varnish. What this entails Varnish-wise is listening on another port for the PROXY protocol.
Per the Varnish 4.1 documentation, you would listen on both the 6081 (or 80 as the case may be) as well as the internal port, such as 6086
varnishd -f /etc/varnish/default.vcl -a :6081 -a 127.0.0.1:6086,PROXY
You can use the std module to detect whether the origin request came over SSL by doing something like:
# std.port() comes from the std VMOD, which must be imported first
import std;

sub vcl_recv {
    if (std.port(server.ip) == 443) {
        set req.http.X-Proto = "https";
    }
}

Difficulty accessing Docker's API

I was struggling to get connected to the Docker API running on a RedHat 7.1 VM, the docker API is running on both a TCP port and a UNIX socket.
To configure this I set -H OPTIONS as follows:
OPTIONS='--selinux-enabled -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock'
in the file:
/etc/sysconfig/docker
Running the docker client on the same box, it connected OK to the docker daemon via either communication path:
docker images
or
docker -H=tcp://127.0.0.1:2375 images
both work equally well.
I was unable to get any sense out of it from another box, I figured the first thing to do would be to prove I can connect to port 2375 from elsewhere. I was having no joy when I tried:
telnet 10.30.144.66 2375
I figured it must be a firewall problem but it took a while longer before I realised it was the firewall built into Linux.
To make 2375 accessible:
Use one of the following, depending on your distro:
sudo firewall-cmd --zone=public --add-port=2375/tcp --permanent
sudo firewall-cmd --reload
OR
sudo iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 2375 -j ACCEPT
sudo /sbin/service iptables save
I was facing a similar problem when my IntelliJ IDE was not able to connect to the Docker engine API installed on RHEL.
It got resolved with the following:
firewall-cmd --add-port=2376/tcp --permanent
firewall-cmd --reload
systemctl restart docker
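Added example, not part of the posts above: a dockerd that listens on plain TCP without `--tlsverify` accepts API calls from anyone who can reach the port, so opening 2375 in the firewall exposes it to that whole zone. This shell function checks an OPTIONS string like the one in /etc/sysconfig/docker for tcp:// hosts on non-loopback addresses with TLS verification off; the function name, the variable names and the TLS sample value (including its certificate paths) are constructed.

```shell
#!/bin/sh
# Report tcp:// API endpoints that are reachable off-host without --tlsverify.
# $1: the daemon option string (the OPTIONS value from /etc/sysconfig/docker).
check_docker_opts() {
    opts=$1
    tls=no
    prev=
    # First pass: is client-certificate verification switched on at all?
    for tok in $opts; do
        case "$tok" in
            --tlsverify|--tlsverify=true) tls=yes ;;
        esac
    done
    # Second pass: collect every -H / --host value, in either spelling.
    for tok in $opts; do
        host=
        case "$prev" in -H|--host) host=$tok ;; esac
        case "$tok" in -H=*|--host=*) host=${tok#*=} ;; esac
        prev=$tok
        case "$host" in
            tcp://127.*|tcp://localhost*|tcp://\[::1\]*) ;;   # loopback only
            tcp://*) [ "$tls" = yes ] || echo "UNAUTHENTICATED ${host#tcp://}" ;;
        esac
    done
}

# The OPTIONS value quoted in the question above.
PAGE_OPTIONS='--selinux-enabled -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock'
# Constructed counter-example: TLS with client verification on port 2376.
TLS_OPTIONS='--tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H tcp://0.0.0.0:2376'

check_docker_opts "$PAGE_OPTIONS"   # reports the 0.0.0.0:2375 endpoint
check_docker_opts "$TLS_OPTIONS"    # reports nothing
```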

How can I run node.js Express in production mode via sudo?

I'm using the npm package express version 2.5.2 with node version .0.6.5. I appear to be running bash version 4.1.5 on Debian 4.4.5.
I'm trying to run my server in production mode but it still runs in development mode.
I run these commands in my bash shell:
$ export NODE_ENV=production
$ echo $NODE_ENV
production
$ sudo echo $NODE_ENV
production
$ sudo node bootstrap.js
I have this code inside bootstrap.js:
var bootstrap_app = module.exports = express.createServer();
//...
console.log(bootstrap_app.settings.env);
and here's what I see printed to standard out:
development
Is this a problem with my usage, or my system?
EDIT:
Thanks to ThiefMaster for his properly identifying that this issue stems from my running node as root. ThiefMaster suggested using iptables to forward from port 80 to an unprivileged port, but my system gives me an error. Moving this discussion to superuser.com or serverfault.com (link to follow)
Most environment variables are unset when using sudo for security reasons. So you cannot pass that environment variable to node without modifying your sudoers file to allow that variable to pass through.
However, you shouldn't run node as root anyway. So here's a good workaround:
If you just need it for port 80, run node on an unprivileged port and setup an iptables forward to map port 80 to that port:
iptables -t nat -A PREROUTING -d 1.2.3.4/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 2.3.4.5:1234
Replace 1.2.3.4 with your public IP, 2.3.4.5 with the IP node runs on (could be the public one or 127.0.0.1) and 1234 with the port node runs on.
With a sufficiently recent kernel that has capability support you could also grant the node executable the CAP_NET_BIND_SERVICE privilege using the following command as root:
setcap 'cap_net_bind_service=+ep' /usr/bin/node
Note that this will allow any user on your system to open privileged ports using node!
sudo NODE_ENV=production /usr/local/bin/node /usr/local/apps/test/app.js
