Setting up my first Varnish Cache server - varnish

I am attempting to set up my first Varnish Cache server and I have a couple questions for any person(s) experienced.
1.) I am running Varnish as a stand alone server. Do I need Apache also installed on the same server. Ultimately the actual site that will be behind Varnish is not on this server.
2.) Do I point the domain to Varnish and then set the config to point to the ip address of the server that is hosting the site? If so, how do you point it to the right site?
3.) If Varnish is standalone and I have an Apache content server, can they both be port 80 and just change the ip address in the default.vcl
    backend default {
        .host = "198.221.134.235";
        .port = "80";
    }
Sorry for the basic questions. I have been on Google all weekend and I found plenty of information on how to install and config Varnish but it seems like the site you want to Cache is on the same server since all of them are changing the port Apache listens to and that seems like it would mean the site is living on the same server.
And if you have any good sites with information, please feel free to share them! Thanks again!

1.) No, Varnish and Apache (or any other HTTP/webserver) can run on a separate server.
2.) Indeed, point the domain to the IP of Varnish and set up a backend as described in the documentation: https://www.varnish-cache.org/docs/3.0/tutorial/backend_servers.html. The IP of your webserver will be the IP of the backend.
3.) Correct, as long as Apache and Varnish are on separate servers they both can listen on port 80.
If I am not mistaken you will have the following setup:
DNS example.com => 1.1.1.1
IP 1.1.1.1:80: Varnish (backend: 1.1.1.2:80)
IP 1.1.1.2:80: Apache

Related

Nginx and Dedicated Varnish

I'm new to Varnish. Is it possible to configure Varnish on a dedicated Varnish server? I have a separate nginx LB in front of a Kubernetes cluster. My goal is caching a lot of static files like .js, .css and images, or even static pages, so every cache-related request to services in the Kubernetes cluster will be served by the Varnish server. Is it possible to do that? I attach the Varnish configuration, please check.
10.10.10.27: nginx-lb-01, 10.10.10.28: nginx-lb-02, 10.10.10.29: Varnish
I already tried to configure it, but I think it failed because when I check using varnishstat, there is no traffic average statistic. In every nginx vhost I already configured default port site 8080 & redirect to 443.
How can I solve this ?
Thank you
[Image: varnish config screenshot]

Caddy multi-domain reverse proxy

I'm new to Caddy server but their website looked promising. I want to use it as a reverse proxy for the websites that are hosted on other servers. So, I have 2 websites; a Wiki and a photo gallery, that needs to be hosted outside of my local network.
Caddyfile
My Caddyfile is pretty straightforward:
    coppery.<my domain name> {
        proxy / http://192.168.1.66:80 {
            transparent
        }
    }
    wiki.<my domain name> {
        proxy / http://192.168.1.88:8080 {
            transparent
        }
    }
When I first started Caddy I saw some HTTPS stuff with Let's Encrypt, but that was successful, so now when I start it I get this output:
root#caddy:~# caddy
Activating privacy features... done.
Serving HTTPS on port 443
https://coppery.<my domain name>
https://wiki.<my domain name>
Serving HTTP on port 80
http://coppery.<my domain name>
http://wiki.<my domain name>
WARNING: File descriptor limit 1024 is too low for production servers. At least 8192 is recommended. Fix with `ulimit -n 8192`.
I think for now I can dismiss the warning, I might solve that in the future but this is not a production environment anyway.
Portforwarding and DNS
I configured the domain names to resolve to my IP address (this already worked) and when I ping the domain names, they resolve the IP address correctly.
When I access the IP-addresses directly from my local network it works, I get the websites I expect. So I added some configuration on my router and port forwarded port 80 and 443 to the local IP address of the machine hosting the Caddy server.
Now when I try to access coppery.<my domain name> on either HTTP or HTTPS it's not showing anything.
So my only guess is that there is something wrong with the Caddyfile configuration, but it's a really simple case and all I've done is use the examples I found online, which don't seem to work.
So the question is: What am I missing to make this work as intended?

The problem was the DNS. Once I configured the domain names in my local host file it worked. So the configuration in my question is all correct.

Varnish as a cache in front of apache virtual hosts

I would like to configure varnish as a cache for one of my websites for a temporary heavy load.
I set up several virtual machines with varnish that should cache my main website.
As my main server hosts several websites the apache server is configured to be a virtual host server.
So I defined the main website domainname in the default.vcl instead of an IP address, hoping varnish would propagate the requests properly to the right apache virtualhost.
But it seems it just uses the IP address, and is caching the apache default page that appears when sending a http request to my main website ip address.
Is there a way to configure varnish so it calls my backend using the right url, and not an IP:port ?
my varnish config looks like :
    backend default {
        .host = "www.myvhost.com";
        .port = "80";
    }
instead of :
    backend default {
        .host = "my.ip";
        .port = "80";
    }
because I need the varnish instances : http://www1.myvhost.com, http://www2.myvhost.com ... to cache the main server http://www.myvhost.com
but not http://myip:80/
Thanks for your help
You probably mean that Varnish is the reverse proxy, not Apache
As my main server hosts several websites the apache server is configured to be a reverse proxy.
You can configure your hostname in the backend definition of your default.vcl
https://github.com/mattiasgeniar/varnish-4.0-configuration-templates/blob/master/default.vcl
All your traffic is going to point at Varnish for all your vhosts, except if you have several IPs on your server.
I think what you are looking for is filtering queries for a single domain. You can achieve this by filtering on the host.
    sub vcl_recv {
        # Pass (skip the cache lookup) for every Host other than your domain.
        if (req.http.host !~ "(www\.)?yourdomain\.com") {
            return(pass);
        }
    }
All traffic not on your domain will be passed directly to the backend without lookup.

htaccess: is "Allow from 127.0.0.1" safe

I have a website where I keep a dev copy on my local computer, and a live copy on my webhost.
I want to ip-whitelist a particular subdirectory to allow only me to access it. However, if I am working on my local copy via my home network, my ip is 127.0.0.1, whereas when I am working on the live site via the internet my ip address is 184.255.27.13.
So I added both ip's to my .htaccess (identical copy on local server and webhost server):
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from 184.255.27.13
Is there any danger to upload the htaccess to the webserver with that generic 127.0.0.1 included?
Is there any danger to upload the htaccess to the webserver with that generic 127.0.0.1 included?
No, since if someone malicious is connecting to your webhosted server from 127.0.0.1, they've already got access to the server itself.
Most likely not, but there could be a security risk, depending on your server configuration.
If you are running, beside Apache, nginx or stunnel or haproxy or similar software that acts as a reverse proxy, and configure it as a reverse proxy for the Apache server, the Apache server could see all incoming connections coming from 127.0.0.1.
But that is not going to happen to a basic LAMP configuration.
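The second answer's point as an added example (not code from the thread and not Apache's own logic): a small Python model of the allowlist decision, comparing a check on the TCP peer address with one that takes the client address from X-Forwarded-For only when the peer is a trusted proxy. The 203.0.113.50 address, the TRUSTED_PROXIES list and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed values: the two addresses from the .htaccess above, plus the
# assumption that a reverse proxy on the same host forwards to Apache.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "184.255.27.13/32")]
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]

def _in(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def allowed_by_peer(peer_ip):
    """The .htaccess decision: only the TCP peer address is consulted."""
    return _in(peer_ip, ALLOWLIST)

def client_ip(peer_ip, xff):
    """Client address a trusted-proxy setup derives; None if unusable."""
    # X-Forwarded-For counts only when the peer is a trusted proxy; it is
    # read right to left, stopping at the first hop that is not one.
    if not xff or not _in(peer_ip, TRUSTED_PROXIES):
        return peer_ip
    ip = None
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed header: fail closed
        ip = hop
        if not _in(hop, TRUSTED_PROXIES):
            break
    return ip

def allowed_by_client(peer_ip, xff=None):
    ip = client_ip(peer_ip, xff)
    return ip is not None and _in(ip, ALLOWLIST)

# Constructed requests: (who, peer address Apache sees, X-Forwarded-For)
REQUESTS = [
    ("owner, direct", "184.255.27.13", None),
    ("stranger, direct", "203.0.113.50", "127.0.0.1"),
    ("owner via local proxy", "127.0.0.1", "184.255.27.13"),
    ("stranger via local proxy", "127.0.0.1", "203.0.113.50"),
    ("stranger via proxy, own header", "127.0.0.1", "127.0.0.1, 203.0.113.50"),
]

if __name__ == "__main__":
    for who, peer, xff in REQUESTS:
        print(f"{who:31} peer={allowed_by_peer(peer)} client={allowed_by_client(peer, xff)}")
```

With a proxy on the same host, the peer-only check admits every proxied request, while the client-aware check admits only the owner; in Apache the client-aware behaviour is what mod_remoteip is for.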

deploying a node.js on a new domain

I have a server that runs different websites on different ports. All of them (but one) are Apache servers and thanks to webmin, I managed to have, for instance, example.com point to 123.123.123.123:80 and example.fr to 123.123.123.123:8000, somehow automatically
I am now running a nodejs server on the same machine, so the 80, 8000, and many other ports are already taken. My nodejs listens on 8008. I have another domain name, say example.org, and I want it to point to my nodejs website, but I simply don't know how to do that! I have updated the DNS and everything is pointing to 123.123.123.123 (my server's IP). I want to avoid using an ugly example.org:8008/ for everything on this node server. How can I make it point implicitly to the 8008 port?? I must add that I cannot afford to take down the apache servers ;)
DNS only provides name to ip address mapping. It cannot handle ports. What you can do instead is to set up a proxy server listening on port 80. The proxy server can then return data based on the host header.
Your best option is to just redirect the request from Apache. Otherwise you can use a reverse proxy like Nginx. Also, you can write a lightweight proxy in node... check out this page
