Varnish: Difference between revisions

From ICO wiki
Jump to navigationJump to search
Ckallas (talk | contribs)
Ckallas (talk | contribs)
No edit summary
Line 28: Line 28:


==Apache konfiguratsiooni muutmine==
==Apache konfiguratsiooni muutmine==
Muudame varnishi konfiguratsiooni faili, et varnish kuulaks defaultina port 80.
<pre>nano /etc/default/varnish</pre>
Muuda "DAEMON_OPTS="-a *:6081 \" selliseks
<pre>DAEMON_OPTS="-a *:80 \</pre>
ctrl-O ja muudame default.vcl nime millegiks muuks, nt mysite.vcl
Kopeerime /etc/varnish/default.vcl
<pre>cp /etc/varnish/default.vcl /etc/varnish/mysite.vcl</pre>
Muudame, /etc/varnish/mysite.vcl faili samasuguseks
<pre>
## Redirect requests to Apache, running on port 8000 on localhost
backend apache {
        .host = "127.0.0.1";
        .port = "8000";
}
## Fetch
sub vcl_fetch {
## Remove the X-Forwarded-For header if it exists.
        remove req.http.X-Forwarded-For;
## insert the client IP address as X-Forwarded-For. This is the normal IP address of the user.
        set    req.http.X-Forwarded-For = req.http.rlnclientipaddr;
## Added security, the "w00tw00t" attacks are pretty annoying so lets block it before it reaches our webserver
        if (req.url ~ "^/w00tw00t") {
                error 403 "Not permitted";
        }
## Deliver the content
        return(deliver);
}
## Deliver
sub vcl_deliver {
## We'll be hiding some headers added by Varnish. We want to make sure people are not seeing we're using Varnish.
              ## Since we're not caching (yet), why bother telling people we use it?
        remove resp.http.X-Varnish;
        remove resp.http.Via;
        remove resp.http.Age;
## We'd like to hide the X-Powered-By headers. Nobody has to know we can run PHP and have version xyz of it.
        remove resp.http.X-Powered-By;
}
</pre>


= Juhend, et Apache logides näidataks õige kliendi IP aadressi, mitte Varnishi oma =
= Juhend, et Apache logides näidataks õige kliendi IP aadressi, mitte Varnishi oma =

Revision as of 15:38, 3 May 2012

Koostajad

Rene Sepp, Kersti Lang, Carolys Kallas

Kevad 2012

Sissejuhatus

Varnishit kasutatakse veebilehekülgede kiirendamiseks. See installeeritakse HTTP serveri ette ning tehakse vastavad muutused sisu cachimiseks. Varnish cache tavaliselt kiirendab andmete laadimiset 300-1000 kordselt sõltuvalt veebilehe ülesehitusest. Varnish cache hoiab veebilehti vahemälus kiirendades sellega javaskriptide ning piltide laadimist. Lisaks kasutatakse seda ka koormuse tasakaalustamiseks ning turvalisuse suurendamiseks.

Eeldused

Varnish paigaldus

Tegutseda root kasutajaga:

sudo su

Kõigepealt tuleb uuendada tarkvaravaramu nimekirja:

apt-get update

Seejärel saab installida Varnishi:

apt-get install varnish

Varnishi paigaldamine turvalisuse suurendamiseks

Varnish peatab mittetäielikel http päringutel jõudmast Apache veebiserverini.

Kontrollime kas on installitud kõige uuem varnishi versioon.

sudo apt-get install curl
sudo curl http://repo.varnish-cache.org/debian/GPG-key.txt | apt-key add -
sudo echo "deb http://repo.varnish-cache.org/debian/ $(lsb_release -s -c) varnish-2.1" >> /etc/apt/sources.list 

Apache konfiguratsiooni muutmine

Muudame varnishi konfiguratsiooni faili, et varnish kuulaks defaultina port 80.

nano /etc/default/varnish

Muuda "DAEMON_OPTS="-a *:6081 \" selliseks

DAEMON_OPTS="-a *:80 \

ctrl-O ja muudame default.vcl nime millegiks muuks, nt mysite.vcl

Kopeerime /etc/varnish/default.vcl

cp /etc/varnish/default.vcl /etc/varnish/mysite.vcl

Muudame, /etc/varnish/mysite.vcl faili samasuguseks

## Redirect requests to Apache, running on port 8000 on localhost
backend apache {
        .host = "127.0.0.1";
        .port = "8000";
}
## Fetch
sub vcl_fetch {
		## Remove the X-Forwarded-For header if it exists.
        remove req.http.X-Forwarded-For;
		
		## insert the client IP address as X-Forwarded-For. This is the normal IP address of the user.
        set    req.http.X-Forwarded-For = req.http.rlnclientipaddr;
		## Added security, the "w00tw00t" attacks are pretty annoying so lets block it before it reaches our webserver
        if (req.url ~ "^/w00tw00t") {
                error 403 "Not permitted";
        }
		## Deliver the content
        return(deliver);
}

## Deliver
sub vcl_deliver {
		## We'll be hiding some headers added by Varnish. We want to make sure people are not seeing we're using Varnish.
              ## Since we're not caching (yet), why bother telling people we use it?
        remove resp.http.X-Varnish;
        remove resp.http.Via;
        remove resp.http.Age;
		
		## We'd like to hide the X-Powered-By headers. Nobody has to know we can run PHP and have version xyz of it.
        remove resp.http.X-Powered-By;
}


Juhend, et Apache logides näidataks õige kliendi IP aadressi, mitte Varnishi oma

Apache konfiguratsiooni muutmine

Esimese asjana tuleks lisada apache2.conf faili uus LogFormat

nano /etc/apache2/apache2.conf

Otsaida üles apache2.conf failist viimane LogFormat ja selle järele lisada

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" varnish

Järgmisena tuleks muuta virtuaalserveri conf faili(siin juhendis kasutatakse Default virtuaalserverit)

nano /etc/apache2/sites-available/default

Otsida üles confist CustomLog rida ja see muuta selliseks

 CustomLog ${APACHE_LOG_DIR}/access.log varnish

Varnishi konfiguratsiooni muutmine

Esmalt avada Varnishi conf fail

nano /etc/varnish/default.vcl

Kommenteeri välja kõik read mis on seotud sub vcl_recv-ga

Lisada default.vcl confi sellised read

sub vcl_recv {
        set req.http.X-Forwarded-For = client.ip;
}

Varnish-ile ja Apache-le restart

service apache2 restart
service varnish restart

Kõik peaks nüüd töötama.

Tulemuse kontroll

Ühenda kliendiga veebiserveri külge ja vaata apache access.log faili, mis ip logitakse

less /var/log/apache2/access.log


Kasutatud materjal

1. About Varnish - https://www.varnish-cache.org/about 2. Putting Varnish In Front Of Apache On Ubuntu/Debian - http://www.howtoforge.com/putting-varnish-in-front-of-apache-on-ubuntu-debian