Assign port 8080 to Apache, 8888 to Varnish, because 80 and 443 will go to Pound.
https://www.zivtech.com/blog/implementing-pound-varnish-lamp-setup-achie...
https://www.adammalone.net/post/why-pound-awesome-front-varnish#.WatlidO...
https://www.smashingmagazine.com/2015/09/https-everywhere-with-nginx-var...
https://serverfault.com/questions/463872/haproxyvarnish-configuration-ad...
0) To test a Varnish page you can paste the following code into index.php:
<html>
<?php
// SERVER_NAME can reflect the client's Host header, so escape it before output.
$domain   = htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES, 'UTF-8');
$protocol = "http://$domain";
$ssl      = "https://$domain";
// Zero-padded so the value is always a valid six-digit CSS colour.
$bgcolor  = sprintf('%06X', rand(0x000000, 0xFFFFFF));
$date     = date('m/d/Y H:i:s', time());
$port     = $_SERVER['SERVER_PORT'];

$text  = "<pre style=\"padding: 10px; border:1px solid #000000\"><strong>Time:</strong> $date <br>";
$text .= "<strong>Background color:</strong> #$bgcolor </pre>";

$suffix = "<p>Compare different versions of the same page through:<br>
<pre style=\"padding: 10px; border:1px solid #000000\">
<strong>Varnish</strong> proxy at <a href=\"$protocol\">$protocol</a>
<strong>SSL</strong> termination at <a href=\"$ssl\">$ssl</a>
<strong>Apache</strong> port at <a href=\"$protocol:8080\">$protocol:8080</a></pre></p>";

// Port 8080 is Apache answering directly; anything else came through Varnish.
if ($port == "8080") {
  $prefix = "<p>This is an <strong>uncached</strong> Apache version of the page with the background color <br>and the current time changing on every page refresh.</p>";
} else {
  $prefix = "<p>This is a <strong>cached</strong> version of the page with the background color and <br>the time cached at the moment of caching. <br>It will expire in 24 hours unless Varnish is restarted before that.</p>";
}
?>
<body style="font-family: 'Avenir Next',sans-serif; background-color:#<?php print $bgcolor;?>;">
<div style="position: relative;float: left;top: 300px;left: 50%;transform: translate(-50%, -50%);">
<h1>AltaGrade Demo</h1>
<?php
print $prefix;
print $text;
print $suffix;
?>
</div>
</body>
</html>
1) cat /etc/varnish/default.vcl
#
# This is an example VCL file for Varnish.
#
# It does not do anything by default, delegating control to the
# builtin VCL. The builtin VCL is called when there is no explicit
# return statement.
#
# See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/
# and http://varnish-cache.org/trac/wiki/VCLExamples for more examples.

# Marker to tell the VCL compiler that this VCL has been adapted to the
# new 4.0 format.
vcl 4.0;

# Default backend definition. Set this to point to your content server.
backend default {
    .host = "65.49.80.99";
    .port = "8080";
    .connect_timeout = 600s;
    .first_byte_timeout = 600s;
    .between_bytes_timeout = 600s;
}

sub vcl_recv {
    # Happens before we check if we have this in cache already.
    #
    # Typically you clean up the request here, removing cookies you don't need,
    # rewriting the request, etc.

    # Never cache status, update, admin and AJAX endpoints.
    if (req.url ~ "^/status\.php$" ||
        req.url ~ "^/update\.php$" ||
        req.url ~ "^/ooyala/ping$" ||
        req.url ~ "^/admin/build/features" ||
        req.url ~ "^/info/.*$" ||
        req.url ~ "^/flag/.*$" ||
        req.url ~ "^.*/ajax/.*$" ||
        req.url ~ "^/admin/https-test" ||
        req.url ~ "^.*/ahah/.*$") {
        return (pass);
    }

    # Strip every cookie except session cookies (SESS*, SSESS*) and NO_CACHE,
    # so only requests that carry one of those cookies bypass the cache.
    if (req.http.Cookie) {
        set req.http.Cookie = ";" + req.http.Cookie;
        set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
        set req.http.Cookie = regsuball(req.http.Cookie, ";(SESS[a-z0-9]+|NO_CACHE)=", "; \1=");
        set req.http.Cookie = regsuball(req.http.Cookie, ";(SSESS[a-z0-9]+|NO_CACHE)=", "; \1=");
        set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");

        # An empty Cookie header still counts as a cookie for the builtin VCL,
        # which would pass the request; remove it so the request can be cached.
        if (req.http.Cookie == "") {
            unset req.http.Cookie;
        }
    }
}

sub vcl_backend_response {
    # Happens after we have read the response headers from the backend.
    #
    # Here you clean the response headers, removing silly Set-Cookie headers
    # and other mistakes your backend does.
    set beresp.ttl = 5m;
}

sub vcl_deliver {
    # Happens when we have all the pieces we need, and are about to send the
    # response to the client.
    #
    # You can do accounting or modifying the final object here.
}
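To see which requests the cookie rules in vcl_recv leave cacheable, the following added example (not part of the original configuration) ports the regsuball() chain to Python and runs it over constructed Cookie headers. The names normalize_cookie and decision are hypothetical, and it assumes an emptied Cookie header is unset so the builtin VCL allows a cache lookup.

```python
import re

# Added illustration: a Python port of the regsuball() chain in vcl_recv.
# normalize_cookie() and decision() are hypothetical names, not Varnish APIs.

def normalize_cookie(header):
    """Return the Cookie header as the VCL chain would leave it."""
    c = ";" + header
    c = re.sub(r"; +", ";", c)                               # no spaces after ";"
    c = re.sub(r";(SESS[a-z0-9]+|NO_CACHE)=", r"; \1=", c)   # mark keepers with a space
    c = re.sub(r";(SSESS[a-z0-9]+|NO_CACHE)=", r"; \1=", c)  # same for SSESS* names
    c = re.sub(r";[^ ][^;]*", "", c)                         # drop every unmarked cookie
    c = re.sub(r"^[; ]+|[; ]+$", "", c)                      # trim leftover separators
    return c

def decision(header):
    """Return 'lookup' if the request may be served from cache, else 'pass'.

    Assumption: an emptied Cookie header is unset, so the builtin VCL
    (which passes any request carrying a Cookie header) allows a lookup.
    """
    if header is None or normalize_cookie(header) == "":
        return "lookup"
    return "pass"

# Constructed sample headers, not captured traffic.
SAMPLES = [
    "has_js=1; _ga=GA1.2.123",                  # tracking cookies only
    "has_js=1; _ga=GA1.2.123; SESSabc123=xyz",  # session cookie present
    "SSESSdeadbeef=tok; has_js=1",              # SSESS session cookie
    "NO_CACHE=1",                               # explicit cache bypass
    "fakeSESSabc=1",                            # name merely contains SESS
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{decision(h):6}  {h!r} -> {normalize_cookie(h)!r}")
```

Because the keep patterns are anchored on the preceding `;`, a cookie whose name only contains `SESS` is stripped like any other, while real session cookies survive and force a pass to Apache.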
2) Pound configuration file
ListenHTTP
Address 65.49.80.99
Port 80
End
Service
BackEnd
Address 65.49.80.99
Port 8888
End
End
ListenHTTPS
Cert "/home/cryptusa/domains/sub0.cryptusa.com/ssl.pem"
Cert "/home/cryptusa/domains/sub7.cryptusa.com/ssl.pem"
Address 65.49.80.99
Port 443
HeadRemove "X-Forwarded-Proto"
AddHeader "X-Forwarded-Proto: https"
Ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !SSLv2 !SSLv3 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
End