
Configuring Pound proxy

Submitted by Alan Mels on Sun, 08/27/2017 - 08:45

0) To test a Varnish page you can paste the following code into index.php:

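<html>
<?php
// Demo page for checking which layer served a response. It prints the render
// time and a random background color, so a cached copy (same time and color on
// every refresh) is easy to tell apart from a page freshly generated by Apache.

// SERVER_NAME may be derived from the client-supplied Host header, depending on
// the web server's virtual-host settings, and this page is stored in a shared
// cache. Escape it before it goes into markup so that a crafted Host value
// cannot end up as HTML in a response that is later served to other visitors.
$domain = htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES, 'UTF-8');
$protocol = "http://$domain";
$ssl = "https://$domain";

// Always produce six hex digits. dechex() alone returns fewer digits for small
// values, which browsers reject or read as a different (shorthand) color.
$bgcolor = sprintf('%06X', rand(0x000000, 0xFFFFFF));
$date = date('m/d/Y H:i:s', time());
$port = $_SERVER['SERVER_PORT'];
// SCRIPT_URI was read here but never used; it is only set by some server
// modules, so the lookup has been dropped.

$text = "<pre style=\"padding: 10px; border:1px solid #000000\"><strong>Time:</strong> $date <br>";
$text .= "<strong>Background color:</strong> #$bgcolor </pre>";
$suffix = "<p>Compare different versions of the same page through:<br>
<pre style=\"padding: 10px; border:1px solid #000000\">
<strong>Varnish</strong> proxy at <a href=\"$protocol\">$protocol</a>
<strong>SSL</strong> termination at <a href=\"$ssl\">$ssl</a>
<strong>Apache</strong> port at <a href=\"$protocol:8080\">$protocol:8080</a></pre></p>";

// Port 8080 is Apache itself; any other port means the request came through
// the proxy chain.
if ($port == "8080") {
  $prefix = "<p>This is an <strong>uncached</strong> Apache version of the page with the background color <br>and the current time changing on every page refresh.</p>";
} else {
  // NOTE(review): the lifetime stated in this message should match the TTL
  // configured in the VCL (the listing in step 1 sets beresp.ttl to 5m).
  $prefix = "<p>This is a <strong>cached</strong> version of the page with the background color and <br>the time catched at the moment of caching. <br>It will expire in 24 hours unless Varnish is restarted before that.</p>";
}
?>

<body style="font-family: 'Avenir Next',sans-serif; background-color:#<?php print $bgcolor;?>;">
<div style="position: relative;float: left;top: 300px;left: 50%;transform: translate(-50%, -50%);">
<h1>AltaGrade Demo</h1>
<?php
print $prefix;
print $text;
print $suffix;
?>
</div>

</body>
</html>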

1) cat /etc/varnish/default.vcl

#
# This is an example VCL file for Varnish.
#
# It does not do anything by default, delegating control to the
# builtin VCL. The builtin VCL is called when there is no explicit
# return statement.
#
# See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/
# and http://varnish-cache.org/trac/wiki/VCLExamples for more examples.

# Marker to tell the VCL compiler that this VCL has been adapted to the
# new 4.0 format.
vcl 4.0;
 
# Default backend definition. Set this to point to your content server.
# Varnish fetches every cache miss and every passed request from this host/port.
# NOTE(review): the backend is addressed on the same public IP that the Pound
# listeners bind to, and the demo page links straight to port 8080. If that port
# is reachable from outside, clients can skip both the cache and the TLS
# terminator; outside a demo, bind the backend to loopback or firewall the port.
backend default {
    .host = "65.49.80.99";
    .port = "8080";
    # All three timeouts are set to ten minutes, so a stalled backend can hold a
    # fetch open for that long.
    .connect_timeout = 600s;
    .first_byte_timeout = 600s;
    .between_bytes_timeout = 600s;
}
 
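sub vcl_recv {
    # Happens before we check if we have this in cache already.
    #
    # Typically you clean up the request here, removing cookies you don't need,
    # rewriting the request, etc.

    # These paths are never answered from cache; they always go to the backend.
    # req.url includes the query string, so the patterns that end in "$" only
    # match requests without one.
    if (req.url ~ "^/status\.php$" ||
        req.url ~ "^/update\.php$" ||
        req.url ~ "^/ooyala/ping$" ||
        req.url ~ "^/admin/build/features" ||
        req.url ~ "^/info/.*$" ||
        req.url ~ "^/flag/.*$" ||
        req.url ~ "^.*/ajax/.*$" ||
        req.url ~ "^/admin/https-test" ||
        req.url ~ "^.*/ahah/.*$") {
        return (pass);
    }

    if (req.http.Cookie) {
        # Reduce the Cookie header to the cookies that identify a session
        # (SESS*/SSESS*, presumably the application's session cookies) plus
        # NO_CACHE. The statements below depend on their order:
        #   1. prefix ";" so every cookie starts with the same delimiter
        #   2. drop the spaces after each ";"
        #   3. re-insert a space after ";" for the cookies to keep
        #   4. delete every cookie that has no such space
        #   5. trim leftover delimiters at both ends
        set req.http.Cookie = ";" + req.http.Cookie;
        set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
        set req.http.Cookie = regsuball(req.http.Cookie, ";(SESS[a-z0-9]+|NO_CACHE)=", "; \1=");
        set req.http.Cookie = regsuball(req.http.Cookie, ";(SSESS[a-z0-9]+|NO_CACHE)=", "; \1=");
        set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");

        # An empty Cookie header is still a header, and the builtin vcl_recv
        # passes any request that carries one. Remove it so that visitors who
        # only had unrelated cookies (analytics and the like) are served from
        # cache. Requests that still carry a session cookie keep the header and
        # are passed to the backend by the builtin logic, so a logged-in
        # response is not looked up in or stored into the shared cache.
        if (req.http.Cookie == "") {
            unset req.http.Cookie;
        }
    }
}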
 
sub vcl_backend_response {
    # Happens after we have read the response headers from the backend.
    #
    # Here you clean the response headers, removing silly Set-Cookie headers
    # and other mistakes your backend does.

 # Give every fetched object a five-minute lifetime. There is no condition, so
 # this replaces the lifetime Varnish derived from the backend's own caching
 # headers.
 # NOTE(review): that includes error responses and responses the backend marked
 # as already expired. The builtin logic that runs after this sub presumably
 # still refuses to cache responses with Set-Cookie; confirm for your Varnish
 # version, and confirm that nothing user-specific is sent without one.
 set beresp.ttl = 5m;
 
}
 
sub vcl_deliver {
    # Happens when we have all the pieces we need, and are about to send the
    # response to the client.
    #
    # You can do accounting or modifying the final object here.
    #
    # Left empty in this example: nothing is added to or removed from the
    # response here.
}

2) Pound configuration file

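# Plain-HTTP listener on the public address.
ListenHTTP
    Address 65.49.80.99
    Port 80
    # The HTTPS listener sets "X-Forwarded-Proto: https" for the backend. Strip
    # any client-supplied copy here as well, otherwise a plain-HTTP request can
    # claim to have arrived over TLS, and the response built on that claim may
    # be stored in the shared cache behind this proxy.
    HeadRemove "X-Forwarded-Proto"
End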
 
# Global service: requests accepted by either listener are forwarded to this
# single backend on port 8888.
# NOTE(review): presumably Varnish listens on 8888 (its listen address is not
# shown on this page). The backend is addressed on the public IP; if port 8888
# is reachable from outside, clients can talk to it directly and bypass the
# header handling done by the listeners. Confirm it is bound or firewalled
# accordingly.
Service
    BackEnd
	Address 65.49.80.99
        Port    8888
    End
End
 
# TLS-terminating listener: decrypts on port 443 and forwards to the Service
# backend over plain HTTP.
ListenHTTPS
	# One Cert line per hostname. Each PEM file has to contain the private key
	# as well as the certificate, so it should be readable only by the account
	# Pound runs as.
	# NOTE(review): these files sit under per-domain directories in a user's
	# home; confirm the directory is not served by the web server.
	Cert "/home/cryptusa/domains/sub0.cryptusa.com/ssl.pem"
        Cert "/home/cryptusa/domains/sub7.cryptusa.com/ssl.pem"
        Address 65.49.80.99
        Port    443
        # Drop any X-Forwarded-Proto sent by the client, then set our own, so
        # the backend can rely on the value for requests from this listener.
        HeadRemove "X-Forwarded-Proto"
        AddHeader "X-Forwarded-Proto: https"
        # OpenSSL cipher list. The "!SSLv2" and "!SSLv3" tokens exclude cipher
        # suites by the protocol version that introduced them; they are not a
        # switch for the protocol versions themselves.
        # NOTE(review): if the installed Pound supports the "Disable" and
        # "SSLHonorCipherOrder" directives, use them to turn off old protocol
        # versions explicitly and to enforce the server's cipher preference.
        Ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !SSLv2 !SSLv3 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
End