cache pages with apache auth

Tim Dunphy bluethundr at gmail.com
Sat Jul 4 03:29:13 CEST 2015 

Hey guys,

 I was actually able to get this to work. So I wanted to share my solution
with you.

 I had to change my probe definition to put the http headers into the
request for the probe:

backend web1 {
  .host = "10.10.10.25";
  .port = "80";
  .connect_timeout = 30s;
  .first_byte_timeout = 30s;
  .between_bytes_timeout = 30s;
  .max_connections = 70;
  .probe = {
  .request =
   "GET /healthcheck.php HTTP/1.1"
   "Host: wiki.mydomain.com"
   "Connection: close";
   .interval = 10m;
   .timeout = 60s;
   .window = 3;
   .threshold = 2;
   }
}

And it still works with apache auth!  In my googling, I found this old
varnish ticket:

https://www.varnish-cache.org/trac/ticket/1165

That describes how to get apache auth working with varnish by passing the
headers to .request.

And since I'm only using this for a mediawiki, I found a good example VCL
on their site that they recommend for using with mediawiki. I've adapted it
to my uses and it seems to be doing a good job of caching the site.

I'm really glad this works and I appreciate your input and feedback.

Thanks,
Tim



On Fri, Jul 3, 2015 at 4:00 PM, Tim Dunphy <bluethundr at gmail.com> wrote:

> Hey guys,
>
>  Thanks for your suggestions!! However, I'm still not having any luck.
> This is what I tried. I logged into one of my webservers and then altered
> the config so that it won't require authorization to access the healthcheck
> URL:
>
> <VirtualHost *:80>
>    ServerName wiki.mydomain.com
>    ServerAlias www.wiki.mydomain.com
>    Options +Indexes +FollowSymlinks
>    LogLevel debug
>    ErrorLog logs/wiki-error.log
>    LogFormat "%h %l %u %t \"%r\" %>s %b" common
>    CustomLog logs/wiki-access_log common
>    DocumentRoot /var/www/jf/wiki
>    *SetEnvIf Request_URI ^/healthcheck.php/ noauth=1*
>
>    <Directory /var/www/jf/wiki>
>       Options Indexes
>       AuthType Basic
>       AuthName "JF Wiki Page"
>       AuthUserFile /etc/httpd/auth
>       Require valid-user
>     *  Allow from env=noauth*
>    </Directory>
>
>    <Directory /var/www/jf/wiki/images>
>                 Options -Indexes
>    </Directory>
> </VirtualHost>
>
> I've highlighted in bold what I changed in the config. Then copied the
> config over to the other web server and restarted apache on both.
>
> Both of the web hosts are still turning up as 'sick' in the varnish log:
>
>     0 Backend_health - web2 Went sick 4--X-R- 2 3 5 0.015589 0.000000
> HTTP/1.1 401 Unauthorized
>     0 Backend_health - web1 Went sick 4--X-R- 2 3 5 0.045081 0.000000
> HTTP/1.1 404 Not Found
>
> So then I tried Paul's suggestion to tell varnish to expect a 401 response
> for the probe. I'm not sure if I interpreted this request correctly, but
> this is what I tried:
>
> if ( req.url ~ "^/healthcheck.php") {
>      error 401;
>    }
>
> And there was no change in the result after restarting varnish. Both web
> servers are still turning up 'sick' in the varnish log.
>
> Could I get some advice on where I'm going wrong here? And maybe if there
> is another approach I could try, I'd be up for trying anything that might
> work.
>
> Thanks again for your help!!
>
> Tim
>
> On Mon, Jun 29, 2015 at 3:27 AM, Tobias Eichelbrönner <
> tobias.eichelbroenner at lamp-solutions.de> wrote:
>
>> Hi Tim,
>>
>> > Backend_health - web2 Still sick 4--X-R- 0 3 5 0.014946 0.000000
>> > HTTP/1.1 401 Unauthorized
>>
>> seems to me your healthcheck on
>>  .url = "/healthcheck.php";
>> does not send any authorization to your backend, so the probing fails.
>> The most simple solution is the disable authorization for
>> healthcheck.php in you Webserver.
>>
>> Keep in mind that if more then one user access your restricted area they
>> probably get the cached contend from the other user delivered. You could
>> put authorization header into the hash in give every user a different
>> password.
>>
>> Sincerely,
>>
>> Tobias
>>
>> --
>> LAMP solutions GmbH
>> Gostenhofer Hauptstrasse 35
>> 90443 Nuernberg
>>
>> Amtsgericht Nuernberg: HRB 22366
>> Geschaeftsfuehrer: Heiko Schubert
>>
>> Es gelten unsere allgemeinen Geschaeftsbedingungen.
>> http://www.lamp-solutions.de/agbs/
>>
>> Telefon      : 0911 / 376 516 0
>> Fax          : 0911 / 376 516 11
>> E-Mail       : support at lamp-solutions.de
>> Web          : www.lamp-solutions.de
>> Facebook     : http://www.facebook.com/LAMPsolutions
>> Twitter      : http://twitter.com/#!/lampsolutions
>>
>> _______________________________________________
>> varnish-misc mailing list
>> varnish-misc at varnish-cache.org
>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>
>
>
>
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>
>


-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20150703/bb369618/attachment.html>

More information about the varnish-misc mailing list