Tikejhya: Ashish Nepal

Knowledgebase

Category: Varnish

varnish block URL

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

e.g. Block url which does not end with 2 digit and trailing / or without trailing /.

 

# request url is not queal to /something/pages/23/ or any two digit and / or without /

if (req.url !~ “^/something/pages/([0-9]{1,2})(/.*)?$”) {
error 404 “Not found” ;
}

 

Nice online regex tester.

 

https://www.debuggex.com/

Monitoring Varnish Healthcheck

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

Monitoring Varnish Healthcheck

varnishadm debug.health | awk /Backend/'{print $2,$4}’
web1 Healthy
web2 Healthy

This will throw ugly logs on syslog, so to Disable logging on varnishadm
Note: This is not disabling varnishadm logging but only cli traffic
(i.e. those which runs on Bash CLI, Those you run from varnishadm will still be visible).

syslog_cli_traffic

varnish tips & Tricks

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

Varnish Troubleshoot

varnishtop

# most often-made requests to the backend:
varnishtop -b -i TxURL
varnishtop -i rxurl

# Client Encoding type
varnishtop -i RxHeader -I Accept-Encoding

# Show User Agents accessing your server through Varnish:
varnishtop -i RxHeader -I ^User-Agent

varnishlog

# Varnish adds a Age header to indicate how long the object has
varnishlog -i TxHeader -I ^Age

# Varnish grep status Code 503
varnishlog -m TxStatus:503

# To see the client requests
varnishlog -c -m ReqStart:$CLIENTIP

# To see the backend requests, match on the TxHeader.
varnishlog -b -m TxHeader:$BACKENDIIP

varnishhist

# histogram for the past 1000 requests, cache hits (denoted by a ‘|’) and misses (denoted by a ‘#’),

varnishhist

Nginx SSL Termination, Varnish

If you are looking for ssl termination on varnish, i would assume you have enough knowledge of configuring varnish and looking into this you must be able to configure ssl termination including Client-IP forwarding.

Default location with 444 error would make sense to forward any unwated traffic, you may want to google it around if its not already in www.ashishnepal.com 😉

server {
### server port and name ###
listen 192.168.1.24:443;
ssl on;
server_name www.tikejhya.com;

### SSL log files ###
access_log logs/ssl-access.log;
error_log logs/ssl-error.log;

### SSL cert files ###
ssl_certificate /var/certs/tikejhya.com.crt;
ssl_certificate_key /var/certs/tikejhya.com.key;

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 60;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

location / {
# Pass the request on to Varnish.
proxy_pass http://127.0.0.1;

# Pass a bunch of headers to the downstream server, so they’ll know what’s going on.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Most web apps can be configured to read this header and understand that the current session is actually HTTPS.
proxy_set_header X-Forwarded-Proto https;
# We expect the downsteam servers to redirect to the right hostname, so don’t do any rewrites here.
proxy_redirect off;
}
}

Varnish Tips/Tricks

# Write log into some file
varnishncsa -w /tmp/test.varnish.log

#Varnish throws 503 page
ulimit -n 100000
service varnish restart

# Varnishadin CLI
varnishadm -S /etc/varnish/secret -T 127.0.0.1:8888

# Syntax Check
varnishd -C -f /etc/varnish/default.vcl

Missing Dependency: libedit.so.0

Error: Missing Dependency: libedit.so.0()(64bit) is needed by package varnish-3.0.1-1.el5.x86_64 (varnish-3.0)

rpm --nosignature -i http://repo.varnish-cache.org/redhat/varnish-3.0/el5/noarch/varnish-release-3.0-1.noarch.rpm
yum install varnish

Problem:

Resolving Dependencies
–> Running transaction check
—> Package varnish.x86_64 0:3.0.1-1.el5 set to be updated
–> Processing Dependency: varnish-libs = 3.0.1-1.el5 for package: varnish
–> Processing Dependency: libedit.so.0()(64bit) for package: varnish
–> Running transaction check
—> Package varnish.x86_64 0:3.0.1-1.el5 set to be updated
–> Processing Dependency: libedit.so.0()(64bit) for package: varnish
—> Package varnish-libs.x86_64 0:3.0.1-1.el5 set to be updated
–> Finished Dependency Resolution
varnish-3.0.1-1.el5.x86_64 from varnish-3.0 has depsolving problems
–> Missing Dependency: libedit.so.0()(64bit) is needed by package varnish-3.0.1-1.el5.x86_64 (varnish-3.0)
Error: Missing Dependency: libedit.so.0()(64bit) is needed by package varnish-3.0.1-1.el5.x86_64 (varnish-3.0)
You could try using –skip-broken to work around the problem
You could try running: package-cleanup –problems
package-cleanup –dupes
rpm -Va –nofiles –nodigest

Solution:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
yum install varnish
service varnish start
service varnish restart

Powered by WordPress & Theme by Anders Norén