Wednesday, July 17, 2013

Varnish 3 on CentOS 6 with Apache and Drupal 7


1. Install Varnish 3 on CentOS 6


https://www.varnish-cache.org/installation/redhat
  
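rpm --nosignature -i http://repo.varnish-cache.org/redhat/varnish-3.0/el5/noarch/varnish-release-3.0-1.noarch.rpm
(--nosignature skips the RPM signature check and the URL is plain HTTP, so nothing authenticates this package.)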

yum install varnish

2. Modify /etc/sysconfig/varnish


Change
VARNISH_LISTEN_PORT=6081
to
VARNISH_LISTEN_PORT=80

3. Modify /etc/varnish/default.vcl to suit Drupal


https://fourkitchens.atlassian.net/wiki/display/TECH/Configure+Varnish+3+for+Drupal+7

Note the backend:
backend default {
  .host = "127.0.0.1";
  .port = "8080";
}
 

4. Modify httpd.conf


Change the httpd listen port to the backend port set in default.vcl (8080).

5. Restart Apache and Varnish

chkconfig --level 3 varnish on
service httpd restart
service varnish restart

6. Install the Drupal Varnish module


https://drupal.org/project/varnish

drush dl varnish
drush en varnish -y

7. Modify Drupal settings.php


$conf['cache_backends'][] = 'sites/all/modules/varnish/varnish.cache.inc';
$conf['cache_class_cache_page'] = 'VarnishCache';
$conf['reverse_proxy'] = TRUE;
$conf['page_cache_invoke_hooks'] = FALSE;
$conf['cache'] = 1;
$conf['cache_lifetime'] = 0;
$conf['page_cache_maximum_age'] = 21600;
$conf['reverse_proxy_header'] = 'HTTP_X_FORWARDED_FOR';
$conf['reverse_proxy_addresses'] = array('127.0.0.1');
$conf['omit_vary_cookie'] = TRUE;


reference:
http://andrewdunkle.com/how-install-varnish-drupal-7


8. Check Varnish status


varnishstat

reference:
http://kly.no/posts/2009_12_08__Varnishstat_for_dummies__.html

9. Suppose you want to telnet to the management port (for example 6082)


Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
107 59
xglonvpwnvqqkwqeqjqnkgqumdciwxnv

Authentication required.

 

If authentication is required:

Suppose the secret file (/etc/varnish/secret) contains foo

In another shell:
[root@varnish-server ~]# cat > _ 
xglonvpwnvqqkwqeqjqnkgqumdciwxnv    (the challenge from above)
foo
xglonvpwnvqqkwqeqjqnkgqumdciwxnv
^D

[root@varnish-server ~]# hexdump -C _
00000000  78 67 6c 6f 6e 76 70 77  6e 76 71 71 6b 77 71 65  |xglonvpwnvqqkwqe|
00000010  71 6a 71 6e 6b 67 71 75  6d 64 63 69 77 78 6e 76  |qjqnkgqumdciwxnv|
00000020  0a 66 6f 6f 0a 78 67 6c  6f 6e 76 70 77 6e 76 71  |.foo.xglonvpwnvq|
00000030  71 6b 77 71 65 71 6a 71  6e 6b 67 71 75 6d 64 63  |qkwqeqjqnkgqumdc|
00000040  69 77 78 6e 76 0a                                 |iwxnv.|
00000046




 
[root@varnish-server ~]# sha256sum _
27eef6997eeb47c5e26dfb72dc8f32715a8d39265becdfdedc1edc2365d5624b  _

Then go back to the telnet shell and type:
auth 27eef6997eeb47c5e26dfb72dc8f32715a8d39265becdfdedc1edc2365d5624b

and you are logged in.
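
The same challenge-response as an added Python example (not part of the original post): it parses the banner, extracts the challenge, and computes the digest over the same bytes the hexdump shows, plus the comparison the checking side makes. The function names are hypothetical, and the banner bytes are constructed from the telnet session above.

```python
import hashlib
import hmac

# Constructed sample: the banner from the telnet session above as raw bytes.
# The first line carries the status code and the body length in bytes.
BANNER = (b"107 59      \n"
          b"xglonvpwnvqqkwqeqjqnkgqumdciwxnv\n"
          b"\n"
          b"Authentication required.\n"
          b"\n")
# Contents of /etc/varnish/secret in the walkthrough, trailing newline included.
SECRET = b"foo\n"


def parse_cli_reply(raw):
    """Split a CLI reply into (status, body); reject a short body."""
    header, _, rest = raw.partition(b"\n")
    status, length = (int(field) for field in header.split())
    body = rest[:length]
    if len(body) != length:
        raise ValueError("truncated CLI reply")
    return status, body


def challenge_from_banner(raw):
    """Return the challenge: the first line of a status-107 body."""
    status, body = parse_cli_reply(raw)
    if status != 107:
        raise ValueError("reply is not an auth challenge (status %d)" % status)
    return body.split(b"\n", 1)[0]


def auth_response(challenge, secret):
    """SHA-256 of: challenge, newline, raw secret bytes, challenge, newline."""
    data = challenge + b"\n" + secret + challenge + b"\n"
    return hashlib.sha256(data).hexdigest()


def server_accepts(challenge, secret, response):
    """Checking side: recompute the digest and compare in constant time."""
    return hmac.compare_digest(auth_response(challenge, secret), response)


if __name__ == "__main__":
    ch = challenge_from_banner(BANNER)
    print("auth", auth_response(ch, SECRET))
    # Stripping the newline from the secret changes the digest, so it is rejected.
    print(server_accepts(ch, SECRET, auth_response(ch, b"foo")))
```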

10. Apache sees 127.0.0.1 as the client IP, which breaks IP blocking and puts the wrong address in http.log

Important!!! This is a security issue.

Install mod_rpaf
(http://blog.roozbehk.com/post/24568560912/nginx-as-reverse-proxy-to-apache-server)

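wget -q -O - http://www.atomicorp.com/installers/atomic | sh
(This pipes a script fetched over plain HTTP straight into a shell; download and read it first if that is a concern.)
yum install mod_rpaf

mod_rpaf directives (Apache configuration):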
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 NGINX_SERVER_IP
RPAFheader X-Forwarded-For 

sudo service httpd restart



