From miguel_3_gonzalez at yahoo.es Fri Nov 1 18:25:28 2019 From: miguel_3_gonzalez at yahoo.es (=?UTF-8?Q?Miguel_Gonz=c3=a1lez?=) Date: Fri, 1 Nov 2019 19:25:28 +0100 Subject: Migration from 4.1 vcl In-Reply-To: References: <0e8932d8-d134-4333-a3a1-531416fc5889@www.fastmail.com> Message-ID: <8adc71c0-ba6f-1920-9720-a8c4a2ed731e@yahoo.es> On 10/09/19 6:12 PM, Geoff Simmons wrote: > On 10/9/19 18:03, Cosimo Streppone wrote: >> What I meant was if there's any vmod interface/api change between 4.1 and 6.0 >> that could break third party vmod code, if that makes any sense. > Yes. With just about every new version of Varnish, there's always > something. It may be not be much for each version (for Varnish 6.3.0, > for example, you need to replace WS_Reserve() with WS_ReserveSize(), or > else you get deprecation warnings), but enough so that some kind of fix > is often necessary. > > If you're jumping from 4.1 to 6.0, chances are that quite a few of > things accumulated over time. > > The What's New/Upgrading docs for the various versions often have a > section about changes for developers of VMODs and other third-party > software, so you might want to look through those. The log in > changes.rst in the git repo also goes into such changes, in more > technical detail. Thanks all for answering. I attach the default.vcl hereby. do you foresee any issue in migrating either to 5.x or 6.x? # # This is an example VCL file for Varnish. # # It does not do anything by default, delegating control to the # builtin VCL. The builtin VCL is called when there is no explicit # return statement. # # See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/ # and http://varnish-cache.org/trac/wiki/VCLExamples for more examples. # Marker to tell the VCL compiler that this VCL has been adapted to the # new 4.0 format. vcl 4.0; import std; # Default backend definition. Set this to point to your content server. backend default { ??? .host = "XXX.XXX.XXX.XXX"; ??? .port = "82"; ??? .connect_timeout = 600s; ??? .first_byte_timeout = 600s; ??? .between_bytes_timeout = 600s;?? ? } acl purge { ??????? "localhost"; ??????? "127.0.0.1"; ??????? "XXX.XXX.XXX.XXX"; } # This function is used when a request is send by a HTTP client (Browser) sub vcl_recv { ??????? # remove ?ver=xxxxx strings from urls so css and js files are cached. ??????? # Watch out when upgrading WordPress, need to restart Varnish or flush cache. ??????? set req.url = regsub(req.url, "\?ver=.*$", ""); ??????? # The code below makes sure the AJAX "add to cart" function works ??????? set req.url = regsub(req.url, "add-to-cart=\d+_\d+&", ""); ? ??????? # Remove "replytocom" from requests to make caching better. ??????? set req.url = regsub(req.url, "\?replytocom=.*$", ""); ??????? #We pass real IP and Port to the backend ??????? if (req.http.X-Forwarded-Proto == "https" ) { ?????????? set req.http.X-Port = "443"; ??????? } else { ?????????? set req.http.X-Port = "80"; ??????? } ??????? set req.http.X-Forwarded-For = regsub(req.http.X-Forwarded-For, "^([^,]+),?.*$", "\1"); ??? # Normalize the header, remove the port (in case you're testing this on various TCP ports) ??????? set req.http.Host = regsub(req.http.Host, ":[0-9]+", ""); ??? # Remove has_js and CloudFlare/Google Analytics __* cookies. ??? set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); ??? # Remove a ";" prefix, if present. ??? set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); ??? # Allow purging from ACL ??? if (req.method == "PURGE") { ??? ??? # If not allowed then a error 405 is returned ??? ??? if (!client.ip ~ purge) { ??? ??? ??? return(synth(405, "This IP is not allowed to send PURGE requests.")); ??? ??? } ??? ??? # If allowed, do a cache_lookup -> vlc_hit() or vlc_miss() ??????????????? if (req.http.X-Purge-Method == "regex") { ????????????????? ban("req.url ~ " + req.url + " && req.http.host ~ " + req.http.host); ????????????????? return (synth(200, "Banned.")); ??????????????? } else { ??????????????? return (purge); ??????????????? } ??? } ??? # Post requests will not be cached ??? #if (req.http.Authorization || req.method == "POST") { ??? #??? return (pass); ??? #} ??????? # Pass anything other than GET and HEAD directly. ??????? if (req.method != "GET" && req.method != "HEAD") { ??????????????? return( pass ); ??????? }????? /* We only deal with GET and HEAD by default */ ??????? #Woocommerce don't cache : ??????? if (req.url ~ "^/(cart|account|my-account/*|checkout|addons|logout|lost-password|product/*)") { ????????? return (pass); ??????? } ?????? ??????? #Woocommerce add to cart pass : ??????? if (req.url ~ "\?add-to-cart=" ) { ????????? return (pass); ??????? } ??????? if (req.url ~ "/wp-cron.php" || req.url ~ "preview=true") { ????????? return (pass); ??????? } ? ??????? # Woocommerce ??????? if (req.url ~ "(cart|account|my-account|checkout|addons)") { ????????? return (pass); ??????? } ??????? if ( req.url ~ "\?add-to-cart=" ) { ????????? return (pass); ??????? } ? ??? # --- WordPress specific configuration ??? # Did not cache the admin and login pages ??? if (req.url ~ "feed|nocache|cart|account|my-account|checkout|addons|tienda|iniciar-sesion|mi-cuenta|comunidad|carro|carrito|finalizar-compra|producto/*|login|wp-json|wp-admin|wp-(comments-post|login|signup|activate|mail|cron)\.php|preview\=true|admin-ajax\.php|xmlrpc\.php|bb-admin|whm-server-status|server-status|control\.php|bb-login\.php|bb-reset-password\.php|register\.php|colabora|gracias-por-colaborar|tu-colaboracion-ha-fallado") { ??? ??? return (pass); ??? } ??? if (req.url ~ "(ajax|dynamic|custom)") { ???????????? return(pass); ??????? } ??? # Remove the "has_js" cookie ??? set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", ""); ??? # Remove any Google Analytics based cookies ??? set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", ""); ??? # Remove the Quant Capital cookies (added by some plugin, all __qca) ??? set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", ""); ??? # Remove the wp-settings-1 cookie ??? set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-1=[^;]+(; )?", ""); ??? # Remove the wp-settings-time-1 cookie ??? set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-time-1=[^;]+(; )?", ""); ??? # Remove the wp test cookie ??? set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", ""); ??? # Remove the wp give session cookie ??? set req.http.Cookie = regsuball(req.http.Cookie, "wp_give_session=[^;]+(; )?", ""); ??? set req.http.Cookie = regsuball(req.http.Cookie, "wp-give_session=[^;]+(; )?", ""); ??? # Are there cookies left with only spaces or that are empty? ??? if (req.http.cookie ~ "^ *$") { ??? ??? ??? unset req.http.cookie; ??? } ??? # Cache the following files extensions ??? if (req.url ~ "\.(txt|css|js|png|gif|jp(e)?g|swf|ico)") { ??? ??? unset req.http.cookie; ??? } ??? # Normalize Accept-Encoding header and compression ??? # https://www.varnish-cache.org/docs/3.0/tutorial/vary.html ??? if (req.http.Accept-Encoding) { ??? ??? # Do no compress compressed files... ??? ??? if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { ??? ??? ??? ?? ??? unset req.http.Accept-Encoding; ??? ??? } elsif (req.http.Accept-Encoding ~ "gzip") { ??? ??? ??? ??? set req.http.Accept-Encoding = "gzip"; ??? ??? } elsif (req.http.Accept-Encoding ~ "deflate") { ??? ??? ??? ??? set req.http.Accept-Encoding = "deflate"; ??? ??? } else { ??? ??? ??? unset req.http.Accept-Encoding; ??? ??? } ??? } ??? # Check the cookies for wordpress-specific items ??? if (req.http.Cookie ~ "woocommerce" || req.http.Cookie ~ "wordpress" || req.http.Cookie ~ "wp-" || req.http.Cookie ~ "comment_") { ??? ??? return (pass); ??? } ??? if (!req.http.cookie) { ??? ??? unset req.http.cookie; ??? } ??? # --- End of WordPress specific configuration ??? # Did not cache HTTP authentication and HTTP Cookie ??? if (req.http.Authorization || req.http.Cookie) { ??? ??? # Not cacheable by default ??? ??? return (pass); ??? } ??? # Cache all others requests ??? return (hash); } sub vcl_pipe { ??? return (pipe); } sub vcl_pass { ??? return (fetch); } # The data on which the hashing will take place sub vcl_hash { ???? hash_data(req.url); ???? if (req.http.host) { ???? ??? ? hash_data(req.http.host); ???? } else { ???? ??? ? hash_data(server.ip); ???? } ??? # If the client supports compression, keep that in a different cache ??? ??? if (req.http.Accept-Encoding) { ????????? hash_data(req.http.Accept-Encoding); ??? } ??????? # Cache the HTTP vs HTTPs separately ??????? if (req.http.X-Forwarded-Proto) { ????????? hash_data(req.http.X-Forwarded-Proto); ??????? } ??? return (lookup); } # This function is used when a request is sent by our backend (Nginx server) sub vcl_backend_response { ??? # Remove some headers we never want to see ??? unset beresp.http.Server; ??? unset beresp.http.X-Powered-By; ??????? if (beresp.http.content-type ~ "(text|javascript|application/x-font-woff)") { ????????? set beresp.do_gzip = true; ??????? } ??? # For static content strip all backend cookies ??? if (bereq.url ~ "\.(css|js|png|gif|jp(e?)g)|swf|ico") { ??? ??? unset beresp.http.cookie; ??? } ??? # Don't store backend ??? if (bereq.url ~ "wp-(login|admin)" || bereq.url ~ "preview=true") { ??? ??? set beresp.uncacheable = true; ??? ??? set beresp.ttl = 30s; ??? ??? return (deliver); ??? } ??? # Only allow cookies to be set if we're in admin area ??? ??? if (!(bereq.url ~ "(wp-login|cart|account|my-account|colabora|gracias-por-colaborar|tu-colaboracion-ha-fallado|checkout|finalizar-compra|addons|tienda|iniciar-sesion|mi-cuenta|comunidad|carrito|carro|producto/*|login|wp-json|wp-admin|preview=true)")) { ??????? ??? unset beresp.http.set-cookie; ??? } ??? # don't cache response to posted requests or those with basic auth ??? if ( bereq.method == "POST" || bereq.http.Authorization ) { ??????? ??? set beresp.uncacheable = true; ??? ??? set beresp.ttl = 120s; ??? ??? return (deliver); ??? ??? } ??? ??? # don't cache search results ??? if ( bereq.url ~ "\?s=" ){ ??? ??? set beresp.uncacheable = true; ??????????????? set beresp.ttl = 120s; ??????????????? return (deliver); ??? } ??? # only cache status ok ??? if ( beresp.status != 200 ) { ??? ??? set beresp.uncacheable = true; ??????????????? set beresp.ttl = 120s; ??????????????? return (deliver); ??? } ??? # A TTL of 24h ??? set beresp.ttl = 24h; ??? # Define the default grace period to serve cached content ??? #set beresp.grace = 30s; ??? set beresp.grace = 1h; ??? return (deliver); } # The routine when we deliver the HTTP request to the user # Last chance to modify headers that are sent to the client sub vcl_deliver { ??? if (obj.hits > 0) { ??? ??? set resp.http.X-Cache = "cached"; ??? } else { ??? ??? set resp.http.x-Cache = "uncached"; ??? } ??? # Remove some headers: PHP version ??? unset resp.http.X-Powered-By; ??? # Remove some headers: Apache version & OS ??? unset resp.http.Server; ??? # Remove some heanders: Varnish ??? unset resp.http.Via; ??? unset resp.http.X-Varnish; ??? return (deliver); } sub vcl_init { ???? return (ok); } sub vcl_fini { ???? return (ok); } -- This email has been checked for viruses by AVG. https://www.avg.com From oehmes at gmail.com Sun Nov 3 16:27:36 2019 From: oehmes at gmail.com (Sven Oehme) Date: Sun, 3 Nov 2019 09:27:36 -0700 Subject: varnish as general purpose web cache Message-ID: Hi, i am trying to setup a caching proxy for my entire wifi. my router has the capabilities to force redirect all http requests to a proxy server. reason is i have a larger number of hosts behind this wifi network which access the same content and i try to minimize bandwidth utilization for my WAN. unfortunate the access is not to a small number of hosts, but rather a very large number of destinations. i installed varnish and tried to set this up, but all examples i found are to configure it to speed up access to a certain backend host, i don't want that, i try to proxy/cache content to everything destination that goes trough varnish. any suggestions on how to set this up ? thx. Sven From cosimo at streppone.it Sun Nov 3 16:32:37 2019 From: cosimo at streppone.it (Cosimo Streppone) Date: Sun, 03 Nov 2019 17:32:37 +0100 Subject: varnish as general purpose web cache In-Reply-To: References: Message-ID: <23467e73-fb75-467c-bb72-253c3de5519e@www.fastmail.com> On Sun, Nov 3, 2019, at 17:27, Sven Oehme wrote: > > i installed varnish and tried to set this up, but all examples i found > are to configure it to speed up access to a certain backend host, i > don't want that, i try to proxy/cache content to everything > destination that goes trough varnish. any suggestions on how to set > this up ? Maybe try with something like Squid instead of Varnish? http://www.squid-cache.org/ -- Cosimo From oehmes at gmail.com Sun Nov 3 16:35:31 2019 From: oehmes at gmail.com (Sven Oehme) Date: Sun, 3 Nov 2019 09:35:31 -0700 Subject: varnish as general purpose web cache In-Reply-To: <23467e73-fb75-467c-bb72-253c3de5519e@www.fastmail.com> References: <23467e73-fb75-467c-bb72-253c3de5519e@www.fastmail.com> Message-ID: you are saying you can't do this with varnish or you are just suggesting to see if I can make it work with squid ? Sven On Sun, Nov 3, 2019, 9:33 AM Cosimo Streppone wrote: > On Sun, Nov 3, 2019, at 17:27, Sven Oehme wrote: > > > > i installed varnish and tried to set this up, but all examples i found > > are to configure it to speed up access to a certain backend host, i > > don't want that, i try to proxy/cache content to everything > > destination that goes trough varnish. any suggestions on how to set > > this up ? > > Maybe try with something like Squid instead of Varnish? > > http://www.squid-cache.org/ > > -- > Cosimo > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rainer at ultra-secure.de Sun Nov 3 17:05:52 2019 From: rainer at ultra-secure.de (Rainer Duffner) Date: Sun, 3 Nov 2019 18:05:52 +0100 Subject: varnish as general purpose web cache In-Reply-To: References: <23467e73-fb75-467c-bb72-253c3de5519e@www.fastmail.com> Message-ID: <72C7F09B-AD91-485D-8438-DE36F205EAFF@ultra-secure.de> > Am 03.11.2019 um 17:35 schrieb Sven Oehme : > > you are saying you can't do this with varnish or you are just suggesting to see if I can make it work with squid ? > Varnish is a cache for incoming request to a website (or a couple of websites) It was never intended as a forward-cache, like Squid. And I doubt it can actually be made to work that way in any even remotely reasonable fashion. That said, I would really like to know if Squid (which would be the primary tool to try this) does bring any kind of significant improvement these days - at all. A lot of content is personalized (everything that carries a cookie) and Squid does (hopefully) not store and cache it. On top of that, Squid, per definition, cannot store content delivered over HTTPS (which is at least 90 and probably closer to 97%) of content these days. You?d need to setup SSL interception etc.pp. Browsers are a lot better at caching locally, too, these days, as are websites at instructing browsers to do so. So, in summary, it?s not the 90s anymore, better get a faster WiFi/internet connection or apply some traffic shaping to nobody can abuse all the bandwidth. From oehmes at gmail.com Sun Nov 3 17:10:01 2019 From: oehmes at gmail.com (Sven Oehme) Date: Sun, 3 Nov 2019 10:10:01 -0700 Subject: varnish as general purpose web cache In-Reply-To: <72C7F09B-AD91-485D-8438-DE36F205EAFF@ultra-secure.de> References: <23467e73-fb75-467c-bb72-253c3de5519e@www.fastmail.com> <72C7F09B-AD91-485D-8438-DE36F205EAFF@ultra-secure.de> Message-ID: my case is very special. all the nodes download several GB size files and they are all static, think more about a CDN case. i will take a look at squid. thx for the reply. Sven On Sun, Nov 3, 2019 at 10:05 AM Rainer Duffner wrote: > > > > > Am 03.11.2019 um 17:35 schrieb Sven Oehme : > > > > you are saying you can't do this with varnish or you are just suggesting to see if I can make it work with squid ? > > > > > > Varnish is a cache for incoming request to a website (or a couple of websites) > > It was never intended as a forward-cache, like Squid. And I doubt it can actually be made to work that way in any even remotely reasonable fashion. > > That said, I would really like to know if Squid (which would be the primary tool to try this) does bring any kind of significant improvement these days - at all. > > A lot of content is personalized (everything that carries a cookie) and Squid does (hopefully) not store and cache it. > On top of that, Squid, per definition, cannot store content delivered over HTTPS (which is at least 90 and probably closer to 97%) of content these days. > You?d need to setup SSL interception etc.pp. > > Browsers are a lot better at caching locally, too, these days, as are websites at instructing browsers to do so. > > So, in summary, it?s not the 90s anymore, better get a faster WiFi/internet connection or apply some traffic shaping to nobody can abuse all the bandwidth. > > > > From rainer at ultra-secure.de Sun Nov 3 17:12:52 2019 From: rainer at ultra-secure.de (Rainer Duffner) Date: Sun, 3 Nov 2019 18:12:52 +0100 Subject: varnish as general purpose web cache In-Reply-To: References: <23467e73-fb75-467c-bb72-253c3de5519e@www.fastmail.com> <72C7F09B-AD91-485D-8438-DE36F205EAFF@ultra-secure.de> Message-ID: > Am 03.11.2019 um 18:10 schrieb Sven Oehme : > > my case is very special. all the nodes download several GB size files > and they are all static, think more about a CDN case. i will take a > look at squid. Then create a local cache and point the nodes there? Varnish exists because Squid has a number of fundamental problems. Those problems didn?t go away in the last two decades ;-) -------------- next part -------------- An HTML attachment was scrubbed... URL: From oehmes at gmail.com Sun Nov 3 17:17:47 2019 From: oehmes at gmail.com (Sven Oehme) Date: Sun, 3 Nov 2019 10:17:47 -0700 Subject: varnish as general purpose web cache In-Reply-To: References: <23467e73-fb75-467c-bb72-253c3de5519e@www.fastmail.com> <72C7F09B-AD91-485D-8438-DE36F205EAFF@ultra-secure.de> Message-ID: i can't create a cache as the content is non predictable and comes from various sources. i also can't change the tool thats accessing the files unfortunate. as i said, a very special case :-) the only way i see i can solve this is simply cache all accessed data via http, lets see if squid can do it. sven On Sun, Nov 3, 2019 at 10:12 AM Rainer Duffner wrote: > > > > Am 03.11.2019 um 18:10 schrieb Sven Oehme : > > my case is very special. all the nodes download several GB size files > and they are all static, think more about a CDN case. i will take a > look at squid. > > > > Then create a local cache and point the nodes there? > > Varnish exists because Squid has a number of fundamental problems. > Those problems didn?t go away in the last two decades ;-) > > > > From guillaume at varnish-software.com Sun Nov 3 17:33:43 2019 From: guillaume at varnish-software.com (Guillaume Quintard) Date: Sun, 3 Nov 2019 09:33:43 -0800 Subject: varnish as general purpose web cache In-Reply-To: References: <23467e73-fb75-467c-bb72-253c3de5519e@www.fastmail.com> <72C7F09B-AD91-485D-8438-DE36F205EAFF@ultra-secure.de> Message-ID: Are we talking about HTTP or HTTPS here? In the first case, you can use dynamic backends to point at arbitrary hosts. HTTPS is doable but it's going to be another can of worms because varnish basically need to be a man-in-the-middle and you'll need special certificates on all the clients. On Sun, Nov 3, 2019, 09:18 Sven Oehme wrote: > i can't create a cache as the content is non predictable and comes > from various sources. i also can't change the tool thats accessing the > files unfortunate. as i said, a very special case :-) > the only way i see i can solve this is simply cache all accessed data > via http, lets see if squid can do it. > > sven > > On Sun, Nov 3, 2019 at 10:12 AM Rainer Duffner > wrote: > > > > > > > > Am 03.11.2019 um 18:10 schrieb Sven Oehme : > > > > my case is very special. all the nodes download several GB size files > > and they are all static, think more about a CDN case. i will take a > > look at squid. > > > > > > > > Then create a local cache and point the nodes there? > > > > Varnish exists because Squid has a number of fundamental problems. > > Those problems didn?t go away in the last two decades ;-) > > > > > > > > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -------------- next part -------------- An HTML attachment was scrubbed... URL: From cosimo at streppone.it Sun Nov 3 17:40:43 2019 From: cosimo at streppone.it (Cosimo Streppone) Date: Sun, 03 Nov 2019 18:40:43 +0100 Subject: varnish as general purpose web cache In-Reply-To: References: <23467e73-fb75-467c-bb72-253c3de5519e@www.fastmail.com> <72C7F09B-AD91-485D-8438-DE36F205EAFF@ultra-secure.de> Message-ID: > So, in summary, it?s not the 90s anymore I would agree with that, yes :-) -- Cosimo -------------- next part -------------- An HTML attachment was scrubbed... URL: From phk at phk.freebsd.dk Sun Nov 3 21:51:33 2019 From: phk at phk.freebsd.dk (Poul-Henning Kamp) Date: Sun, 03 Nov 2019 21:51:33 +0000 Subject: varnish as general purpose web cache In-Reply-To: References: <23467e73-fb75-467c-bb72-253c3de5519e@www.fastmail.com> <72C7F09B-AD91-485D-8438-DE36F205EAFF@ultra-secure.de> Message-ID: <4564.1572817893@critter.freebsd.dk> -------- In message , Sven Oehme writes: >i can't create a cache as the content is non predictable and comes >from various sources. i also can't change the tool thats accessing the >files unfortunate. as i said, a very special case :-) >the only way i see i can solve this is simply cache all accessed data >via http, lets see if squid can do it. Just to chime in: Squid's you tool for that, and it is not quite as horrible as it once were, but still ... ugh! That said, I have a squid running here myself, so that all my FreeBSD machines do not need to drag updates into the house individually. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk at FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. From oehmes at gmail.com Sun Nov 3 22:16:01 2019 From: oehmes at gmail.com (Sven Oehme) Date: Sun, 3 Nov 2019 15:16:01 -0700 Subject: varnish as general purpose web cache In-Reply-To: <4564.1572817893@critter.freebsd.dk> References: <23467e73-fb75-467c-bb72-253c3de5519e@www.fastmail.com> <72C7F09B-AD91-485D-8438-DE36F205EAFF@ultra-secure.de> <4564.1572817893@critter.freebsd.dk> Message-ID: How do you deal with the client side certs ? On Sun, Nov 3, 2019, 2:51 PM Poul-Henning Kamp wrote: > -------- > In message TCRK32dpzF8fA at mail.gmail.com>, Sven Oehme writes: > > >i can't create a cache as the content is non predictable and comes > >from various sources. i also can't change the tool thats accessing the > >files unfortunate. as i said, a very special case :-) > >the only way i see i can solve this is simply cache all accessed data > >via http, lets see if squid can do it. > > Just to chime in: Squid's you tool for that, and it is not quite as > horrible > as it once were, but still ... ugh! > > That said, I have a squid running here myself, so that all my FreeBSD > machines do not need to drag updates into the house individually. > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk at FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From phk at phk.freebsd.dk Sun Nov 3 22:20:34 2019 From: phk at phk.freebsd.dk (Poul-Henning Kamp) Date: Sun, 03 Nov 2019 22:20:34 +0000 Subject: varnish as general purpose web cache In-Reply-To: References: <23467e73-fb75-467c-bb72-253c3de5519e@www.fastmail.com> <72C7F09B-AD91-485D-8438-DE36F205EAFF@ultra-secure.de> <4564.1572817893@critter.freebsd.dk> Message-ID: <4832.1572819634@critter.freebsd.dk> -------- In message , Sven Oehme writes: >How do you deal with the client side certs ? I dont. It's just regular http(s) traffic -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk at FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. From oehmes at gmail.com Sun Nov 3 22:49:10 2019 From: oehmes at gmail.com (Sven Oehme) Date: Sun, 3 Nov 2019 15:49:10 -0700 Subject: varnish as general purpose web cache In-Reply-To: <4832.1572819634@critter.freebsd.dk> References: <23467e73-fb75-467c-bb72-253c3de5519e@www.fastmail.com> <72C7F09B-AD91-485D-8438-DE36F205EAFF@ultra-secure.de> <4564.1572817893@critter.freebsd.dk> <4832.1572819634@critter.freebsd.dk> Message-ID: could you please share your squid config, so i could try that as a starting point. thx. sven On Sun, Nov 3, 2019 at 3:20 PM Poul-Henning Kamp wrote: > > -------- > In message , Sven Oehme writes: > > >How do you deal with the client side certs ? > > I dont. > > It's just regular http(s) traffic > > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk at FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence. From phk at phk.freebsd.dk Mon Nov 4 07:22:44 2019 From: phk at phk.freebsd.dk (Poul-Henning Kamp) Date: Mon, 04 Nov 2019 07:22:44 +0000 Subject: varnish as general purpose web cache In-Reply-To: References: <23467e73-fb75-467c-bb72-253c3de5519e@www.fastmail.com> <72C7F09B-AD91-485D-8438-DE36F205EAFF@ultra-secure.de> <4564.1572817893@critter.freebsd.dk> <4832.1572819634@critter.freebsd.dk> Message-ID: <6591.1572852164@critter.freebsd.dk> -------- In message , Sven Oehme writes: >could you please share your squid config, so i could try that as a >starting point. Whatever is the default in FreeBSD's package... -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk at FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. From geoff at uplex.de Mon Nov 4 12:51:25 2019 From: geoff at uplex.de (Geoff Simmons) Date: Mon, 4 Nov 2019 13:51:25 +0100 Subject: base64 blob.decode() default error handling In-Reply-To: <20191104022721.GA9074@michelle> References: <20191104022721.GA9074@michelle> Message-ID: On 11/4/19 03:32, pyunyh wrote: > Hi, > > In order to validate client supplied base64 encoded string I have a > VCL something like the following. > > if (blob.length(blob.decode(BASE64, 0, req.http.Sec-WebSocket-Key)) != 16) { > return (synth(400, "Bad Request")); > } > > If the Sec-WebSocket-Key header has a badly encoded string VCL will > generate a "503 VCL failed" response. It's somewhat hard to generate > a 400 repsonse in this case, since very little thing can be done in > vcl_synth(). As you know resp.status can be overriden as well as > resp.reason in vcl_synth() but all state tracking made so far is > completely lost in vcl_synth() so there is no way to know where the > vcl_synth() is called from which context. > What is proper way to handle this case? > If there is a way to override arguments passed to synth() with > return(fail) during base64 decoding this will address the issue. > I think this can be easily solved with inline C but it it would be > better to have a VCL method as vcc_allow_inline_c is disabled by > default. @pyunyh, I'm moving this to varnish-misc, which is the more appropriate list for a user question like this. This is a general issue with VCL failure -- in vcl_synth, you can tell from resp.reason=="VCL failed" that it was VCL failure that you got you there, but there is little to no information about what caused the failure, so it can be difficult to impossible to implement specific error handling. I can see why you need this for the vmod blob use case. But I would suggest that the Varnish dev team consider a general solution for identifying the cause of a VCL failure, rather than special-casing a solution for the vmod. @pyunyh, as a workaround you might go to the old trick of using a request header as a variable: # assuming that req.http.X-Sec-WebSocket-Key-Validated is not set # at this point, or not set to "true" if (blob.length(blob.decode(BASE64, 0, req.http.Sec-WebSocket-Key)) != 16) { return (synth(400, "Bad Request")); } set req.http.X-Sec-WebSocket-Key-Validated = "true"; # now in vcl_synth: if (resp.reason == "VCL failed" && req.http.X-Sec-WebSocket-Key-Validated != "true") { set resp.status = 400; set resp.reason = "Bad Request"; } HTH, Geoff -- ** * * UPLEX - Nils Goroll Systemoptimierung Scheffelstra?e 32 22301 Hamburg Tel +49 40 2880 5731 Mob +49 176 636 90917 Fax +49 40 42949753 http://uplex.de -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From pyunyh at gmail.com Tue Nov 5 00:32:16 2019 From: pyunyh at gmail.com (pyunyh) Date: Tue, 5 Nov 2019 09:32:16 +0900 Subject: base64 blob.decode() default error handling In-Reply-To: References: <20191104022721.GA9074@michelle> Message-ID: <20191105003216.GA19109@michelle> On Mon, Nov 04, 2019 at 01:51:25PM +0100, Geoff Simmons wrote: [...] > > @pyunyh, I'm moving this to varnish-misc, which is the more appropriate > list for a user question like this. > Thanks for correcting me. Subscribed to varnish-misc@ > This is a general issue with VCL failure -- in vcl_synth, you can tell > from resp.reason=="VCL failed" that it was VCL failure that you got you > there, but there is little to no information about what caused the > failure, so it can be difficult to impossible to implement specific > error handling. > > I can see why you need this for the vmod blob use case. But I would > suggest that the Varnish dev team consider a general solution for > identifying the cause of a VCL failure, rather than special-casing a > solution for the vmod. > > @pyunyh, as a workaround you might go to the old trick of using a > request header as a variable: > > # assuming that req.http.X-Sec-WebSocket-Key-Validated is not set > # at this point, or not set to "true" > if (blob.length(blob.decode(BASE64, 0, req.http.Sec-WebSocket-Key)) != 16) { > return (synth(400, "Bad Request")); > } > set req.http.X-Sec-WebSocket-Key-Validated = "true"; > > # now in vcl_synth: > if (resp.reason == "VCL failed" > && req.http.X-Sec-WebSocket-Key-Validated != "true") { > set resp.status = 400; > set resp.reason = "Bad Request"; > } That approach was the first one in my experiments and it didn't work. It seems there are two paths here. One is voluntary synth() call in VCL and the other is indirect call via unconditional 'return (fail)'. Header variable tricks works for the former case only. If there was an decoding or memory related error in blob it appears to trigger internal 'return (fail)' which in turn have an effect of resetting all header variables with std.rollback(). So there are *NO* header variables available in this case. The half-working and ugly code I have looks like the following. sub vcl_synth { ... if (resp.status == 503 && resp.reason == "VCL failed") { if (req.method == "GET" && req.proto == "HTTP/1.1" && req.http.Upgrade && ... other conditions ... req.http.Sec-WebSocket-Key && req.url ~ "^/path/to/WebSocket") { set resp.status = 400; } } ... } Unfortunately this does not work as req.url points to original URL such that it nullifies URL rewrting rules that were applied. Thanks. From mandys at gmail.com Thu Nov 7 06:32:14 2019 From: mandys at gmail.com (Maninder Singh) Date: Thu, 7 Nov 2019 12:02:14 +0530 Subject: Conditional Logging ( using varnishncsa ) Message-ID: Hi, We have logging turned on using varnishncsa. /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D -f /etc/sysconfig/varnishncsa Here is what's defined in varnishncsa %{X-Forwarded-For}i %l %u %t %D \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{Host}i\" %{Varnish:hitmiss}x However, this would log EVERY request that goes through varnish. We have a monitoring server that hits it aggressively ( and also static files ). x.x.x.x - - [07/Nov/2019:00:22:53 -0600] 2080 "GET http://localhost/index.php HTTP/1.0" 200 8 "-" "HTTP-Monitor/1.1" "-" miss x.x.x.x - - [07/Nov/2019:00:22:58 -0600] 2472 "GET http://localhost/index.php HTTP/1.0" 200 8 "-" "HTTP-Monitor/1.1" "-" miss x.x.x.x - - [07/Nov/2019:00:22:59 -0600] 1919 "GET http://localhost/index.php HTTP/1.0" 200 8 "-" "HTTP-Monitor/1.1" "-" miss Is there a way in which I can exclude these from varnish logs ? In apache I would just do SetEnvIf Request_URI "\.(jpeg|jpg|xml|png|gif|ico|js|css|swf|woff|ttf|eot\?|js?.|css?.)$" DontLog SetEnvIfNoCase User-Agent "(HTTP-Monitor)" DontLog CustomLog /var/www/logs/access_80_log combined env=!DontLog This would otherwise just keep filling up the logs. Let me know. Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dridi at varni.sh Thu Nov 7 07:01:14 2019 From: dridi at varni.sh (Dridi Boukelmoune) Date: Thu, 7 Nov 2019 07:01:14 +0000 Subject: Conditional Logging ( using varnishncsa ) In-Reply-To: References: Message-ID: On Thu, Nov 7, 2019 at 6:34 AM Maninder Singh wrote: > > Hi, > > We have logging turned on using varnishncsa. > > /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D -f /etc/sysconfig/varnishncsa > > Here is what's defined in varnishncsa > > %{X-Forwarded-For}i %l %u %t %D \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{Host}i\" %{Varnish:hitmiss}x > > However, this would log EVERY request that goes through varnish. > > We have a monitoring server that hits it aggressively ( and also static files ). > > x.x.x.x - - [07/Nov/2019:00:22:53 -0600] 2080 "GET http://localhost/index.php HTTP/1.0" 200 8 "-" "HTTP-Monitor/1.1" "-" miss > x.x.x.x - - [07/Nov/2019:00:22:58 -0600] 2472 "GET http://localhost/index.php HTTP/1.0" 200 8 "-" "HTTP-Monitor/1.1" "-" miss > x.x.x.x - - [07/Nov/2019:00:22:59 -0600] 1919 "GET http://localhost/index.php HTTP/1.0" 200 8 "-" "HTTP-Monitor/1.1" "-" miss > > Is there a way in which I can exclude these from varnish logs ? > > In apache I would just do > > SetEnvIf Request_URI "\.(jpeg|jpg|xml|png|gif|ico|js|css|swf|woff|ttf|eot\?|js?.|css?.)$" DontLog > SetEnvIfNoCase User-Agent "(HTTP-Monitor)" DontLog > CustomLog /var/www/logs/access_80_log combined env=!DontLog > > This would otherwise just keep filling up the logs. Do something like this with your command line: > varnishncsa [...] -q 'not (ReqHeader:User-Agent ~ "HTTP-Monitor" or ReqURL ~ "\.(jpeg|jpg|xml|png|gif|ico|js|css|swf|woff|ttf|eot\?|js?.|css?.)$")' See man varnishncsa, man vsl and man vsl-query. Dridi From mandys at gmail.com Thu Nov 7 07:23:12 2019 From: mandys at gmail.com (Maninder Singh) Date: Thu, 7 Nov 2019 12:53:12 +0530 Subject: Conditional Logging ( using varnishncsa ) In-Reply-To: References: Message-ID: Thank you Dridi. This worked :-) On Thu, 7 Nov 2019 at 12:31, Dridi Boukelmoune wrote: > On Thu, Nov 7, 2019 at 6:34 AM Maninder Singh wrote: > > > > Hi, > > > > We have logging turned on using varnishncsa. > > > > /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D -f > /etc/sysconfig/varnishncsa > > > > Here is what's defined in varnishncsa > > > > %{X-Forwarded-For}i %l %u %t %D \"%r\" %s %b \"%{Referer}i\" > \"%{User-agent}i\" \"%{Host}i\" %{Varnish:hitmiss}x > > > > However, this would log EVERY request that goes through varnish. > > > > We have a monitoring server that hits it aggressively ( and also static > files ). > > > > x.x.x.x - - [07/Nov/2019:00:22:53 -0600] 2080 "GET > http://localhost/index.php HTTP/1.0" 200 8 "-" "HTTP-Monitor/1.1" "-" miss > > x.x.x.x - - [07/Nov/2019:00:22:58 -0600] 2472 "GET > http://localhost/index.php HTTP/1.0" 200 8 "-" "HTTP-Monitor/1.1" "-" miss > > x.x.x.x - - [07/Nov/2019:00:22:59 -0600] 1919 "GET > http://localhost/index.php HTTP/1.0" 200 8 "-" "HTTP-Monitor/1.1" "-" miss > > > > Is there a way in which I can exclude these from varnish logs ? > > > > In apache I would just do > > > > SetEnvIf Request_URI > "\.(jpeg|jpg|xml|png|gif|ico|js|css|swf|woff|ttf|eot\?|js?.|css?.)$" DontLog > > SetEnvIfNoCase User-Agent "(HTTP-Monitor)" DontLog > > CustomLog /var/www/logs/access_80_log combined env=!DontLog > > > > This would otherwise just keep filling up the logs. > > Do something like this with your command line: > > > varnishncsa [...] -q 'not (ReqHeader:User-Agent ~ "HTTP-Monitor" or > ReqURL ~ > "\.(jpeg|jpg|xml|png|gif|ico|js|css|swf|woff|ttf|eot\?|js?.|css?.)$")' > > See man varnishncsa, man vsl and man vsl-query. > > Dridi > -------------- next part -------------- An HTML attachment was scrubbed... URL: From digit.fpfis at gmail.com Fri Nov 8 08:37:50 2019 From: digit.fpfis at gmail.com (EC DIGIT FPFIS) Date: Fri, 8 Nov 2019 09:37:50 +0100 Subject: unset X-Varnish header to the backend server but keep it in the response to client Message-ID: Dear all, Currently, I migrate a configuration from Varnish 3 to Varnish 6 but I have an issue concerning unset a header to a backend but keep it in the resp. Indeed, I cannot use it in vcl_backend_response because it's unset before (vcl_pass/vcl_backend_fetch)... In the documentation ( https://book.varnish-software.com/4.0/chapters/VCL_Subroutines.html), I can see that "if you do not wish to send the X-Varnish header to the backend server, you can remove it in vcl_miss or vcl_pass. For that case, you can use unset bereq.http.x-varnish;." but I cannot use bereq in vcl_miss/vcl_pass. Do you have any idea how to keep this header in vcl_backend_response but without send it to backend? In Varnish 3, I used it in vcl_miss/vcl_pass and the unset bereq was set in vcl_fetch. *Vcl code:* vcl 4.1; import std; backend dev { .host = "127.0.0.1"; .port = "8080"; } sub vcl_recv { set req.http.App="App1"; set req.backend_hint = dev; return (hash); } sub vcl_miss { unset req.http.App; } sub vcl_pass { unset req.http.App; } sub vcl_backend_fetch { unset bereq.http.App; } sub vcl_backend_response { if (bereq.http.App) { set beresp.http.Debug = "test"; set beresp.ttl = 10s; set beresp.grace = 10s; return (deliver); // not applied } } sub vcl_deliver { set res.http.App; } *Goal*: - Currently: App header in unset for backend & client (unable to use it in vcl_backend_response) - Goal: App header can be used for conditions in vcl_backend_response but not sent to the backend Best regards, -------------- next part -------------- An HTML attachment was scrubbed... URL: From dridi at varni.sh Fri Nov 8 16:25:23 2019 From: dridi at varni.sh (Dridi Boukelmoune) Date: Fri, 8 Nov 2019 16:25:23 +0000 Subject: unset X-Varnish header to the backend server but keep it in the response to client In-Reply-To: References: Message-ID: Hi, Thank you for taking the time to reach out to this list. On Fri, Nov 8, 2019 at 8:39 AM EC DIGIT FPFIS wrote: > > Dear all, > > Currently, I migrate a configuration from Varnish 3 to Varnish 6 but I have an issue concerning unset a header to a backend but keep it in the resp. > > Indeed, I cannot use it in vcl_backend_response because it's unset before (vcl_pass/vcl_backend_fetch)... > > In the documentation (https://book.varnish-software.com/4.0/chapters/VCL_Subroutines.html), I can see that "if you do not wish to send the X-Varnish header to the backend server, you can remove it in vcl_miss or vcl_pass. For that case, you can use unset bereq.http.x-varnish;." but I cannot use bereq in vcl_miss/vcl_pass. This is a bug in the varnish book, it lives here: https://github.com/varnish/varnish-book > Do you have any idea how to keep this header in vcl_backend_response but without send it to backend? > > In Varnish 3, I used it in vcl_miss/vcl_pass and the unset bereq was set in vcl_fetch. Nowadays you would do that in vcl_backend_fetch, but the tricky part is that you no longer have access to the client context. So instead you need to "pollute" your bereq to find that information or use a different tool like vmod_var or something similar. > Vcl code: > > vcl 4.1; > import std; > > backend dev { > .host = "127.0.0.1"; > .port = "8080"; > } > > sub vcl_recv { > set req.http.App="App1"; > set req.backend_hint = dev; > return (hash); > } > > sub vcl_miss { > unset req.http.App; > } > > sub vcl_pass { > unset req.http.App; > } Don't do anything in vcl_miss or vcl_pass. > sub vcl_backend_fetch { > unset bereq.http.App; > } Here you may do something like this: sub vcl_backend_fetch { if (bereq.http.App) { var.set("app", bereq.http.App); unset bereq.http.App; } } > sub vcl_backend_response { > if (bereq.http.App) { > set beresp.http.Debug = "test"; > set beresp.ttl = 10s; > set beresp.grace = 10s; > return (deliver); // not applied > } > } And here, something like that: sub vcl_backend_response { if (var.get("app")) { set beresp.ttl = 10s; set beresp.grace = 10s; return (deliver); } } > sub vcl_deliver { > set res.http.App; > } > > Goal: > > Currently: App header in unset for backend & client (unable to use it in vcl_backend_response) > Goal: App header can be used for conditions in vcl_backend_response but not sent to the backend See https://github.com/varnish/varnish-modules/blob/master/docs/vmod_var.rst Dridi From digit.fpfis at gmail.com Mon Nov 11 07:07:43 2019 From: digit.fpfis at gmail.com (FPFIS) Date: Mon, 11 Nov 2019 08:07:43 +0100 Subject: unset X-Varnish header to the backend server but keep it in the response to client In-Reply-To: References: Message-ID: Hello Dridi and thank you for you answer. I try to use vmod_var but there are another issue. Apparently I need to use global var to get it between vcl_recv & vcl_backend_response (it's empty if I try a 'simple' var) Moreover, the global var are kept for the next requests so I fear that a conflict can appear between requests. Best regards, Le ven. 8 nov. 2019 ? 17:26, Dridi Boukelmoune a ?crit : > Hi, > > Thank you for taking the time to reach out to this list. > > On Fri, Nov 8, 2019 at 8:39 AM EC DIGIT FPFIS > wrote: > > > > Dear all, > > > > Currently, I migrate a configuration from Varnish 3 to Varnish 6 but I > have an issue concerning unset a header to a backend but keep it in the > resp. > > > > Indeed, I cannot use it in vcl_backend_response because it's unset > before (vcl_pass/vcl_backend_fetch)... > > > > In the documentation ( > https://book.varnish-software.com/4.0/chapters/VCL_Subroutines.html), I > can see that "if you do not wish to send the X-Varnish header to the > backend server, you can remove it in vcl_miss or vcl_pass. For that case, > you can use unset bereq.http.x-varnish;." but I cannot use bereq in > vcl_miss/vcl_pass. > > This is a bug in the varnish book, it lives here: > > https://github.com/varnish/varnish-book > > > Do you have any idea how to keep this header in vcl_backend_response but > without send it to backend? > > > > In Varnish 3, I used it in vcl_miss/vcl_pass and the unset bereq was set > in vcl_fetch. > > Nowadays you would do that in vcl_backend_fetch, but the tricky part > is that you no longer have access to the client context. So instead > you need to "pollute" your bereq to find that information or use a > different tool like vmod_var or something similar. > > > Vcl code: > > > > vcl 4.1; > > import std; > > > > backend dev { > > .host = "127.0.0.1"; > > .port = "8080"; > > } > > > > sub vcl_recv { > > set req.http.App="App1"; > > set req.backend_hint = dev; > > return (hash); > > } > > > > sub vcl_miss { > > unset req.http.App; > > } > > > > sub vcl_pass { > > unset req.http.App; > > } > > Don't do anything in vcl_miss or vcl_pass. > > > sub vcl_backend_fetch { > > unset bereq.http.App; > > } > > Here you may do something like this: > > sub vcl_backend_fetch { > if (bereq.http.App) { > var.set("app", bereq.http.App); > unset bereq.http.App; > } > } > > > sub vcl_backend_response { > > if (bereq.http.App) { > > set beresp.http.Debug = "test"; > > set beresp.ttl = 10s; > > set beresp.grace = 10s; > > return (deliver); // not applied > > } > > } > > And here, something like that: > > sub vcl_backend_response { > if (var.get("app")) { > set beresp.ttl = 10s; > set beresp.grace = 10s; > return (deliver); > } > } > > > sub vcl_deliver { > > set res.http.App; > > } > > > > Goal: > > > > Currently: App header in unset for backend & client (unable to use it in > vcl_backend_response) > > Goal: App header can be used for conditions in vcl_backend_response but > not sent to the backend > > See > https://github.com/varnish/varnish-modules/blob/master/docs/vmod_var.rst > > Dridi > -------------- next part -------------- An HTML attachment was scrubbed... URL: From y.karayiannidis at stoiximan.gr Thu Nov 14 10:43:16 2019 From: y.karayiannidis at stoiximan.gr (Yiannis Karayiannidis) Date: Thu, 14 Nov 2019 12:43:16 +0200 Subject: Usage of the Shard director ( rampup period ) Message-ID: Hello all, I'm trying to use the Shard director sub vcl_init { new dir_b = directors.shard(); dir_b .add_backend(wb3); dir_b .add_backend(wb2); dir_b.add_backend(wb1); dir_b .set_rampup(2m); dir_b .reconfigure(); } I'm trying to debug rampup period for a failed backend, cause it seems to me that the server is getting back in the pool before the 2 minutes rampup period. Any ideas will be appreciated. Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From guillaume at varnish-software.com Thu Nov 14 18:15:59 2019 From: guillaume at varnish-software.com (Guillaume Quintard) Date: Thu, 14 Nov 2019 10:15:59 -0800 Subject: Usage of the Shard director ( rampup period ) In-Reply-To: References: Message-ID: Hi, Did you configure probes for that backend? -- Guillaume Quintard On Thu, Nov 14, 2019 at 2:45 AM Yiannis Karayiannidis < y.karayiannidis at stoiximan.gr> wrote: > Hello all, > I'm trying to use the Shard director > > sub vcl_init { > new dir_b = directors.shard(); > dir_b .add_backend(wb3); > dir_b .add_backend(wb2); > dir_b.add_backend(wb1); > dir_b .set_rampup(2m); > dir_b .reconfigure(); > } > > I'm trying to debug rampup period for a failed backend, cause it seems to > me that the server is getting back in the pool before the 2 minutes rampup > period. > > Any ideas will be appreciated. > > Regards > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -------------- next part -------------- An HTML attachment was scrubbed... URL: From geoff at uplex.de Thu Nov 14 18:30:17 2019 From: geoff at uplex.de (Geoff Simmons) Date: Thu, 14 Nov 2019 19:30:17 +0100 Subject: Usage of the Shard director ( rampup period ) In-Reply-To: References: Message-ID: On 11/14/19 11:43, Yiannis Karayiannidis wrote: > > sub vcl_init { > new dir_b = directors.shard(); > dir_b .add_backend(wb3); > dir_b .add_backend(wb2); > dir_b.add_backend(wb1); > dir_b .set_rampup(2m); > dir_b .reconfigure(); > } > > I'm trying to debug rampup period for a failed backend, cause it seems to > me that the server is getting back in the pool before the 2 minutes rampup > period. What exactly do you mean by "getting back in the pool before the 2 minutes"? What were you expecting? Rampup means that requests are directed to a backend, gradually and increasingly, during the rampup period after a backend is added to the pool. Say after the backend goes from failing health probes to being healthy again. Specifically, set_rampup(2m) means that during the two minutes after a backend is added to the pool, requests are directed to the alternative backend with linear decreasing probability, from 100% just after the backend is added, to 0% after the two minutes are up. For example, at 90 seconds, there is a 75% probability that the backend will receive requests that sharding would direct to it. So it's to be expected that a backend will receive requests during rampup. HTH, Geoff -- ** * * UPLEX - Nils Goroll Systemoptimierung Scheffelstra?e 32 22301 Hamburg Tel +49 40 2880 5731 Mob +49 176 636 90917 Fax +49 40 42949753 http://uplex.de -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From y.karayiannidis at stoiximan.gr Mon Nov 18 08:37:12 2019 From: y.karayiannidis at stoiximan.gr (Yiannis Karayiannidis) Date: Mon, 18 Nov 2019 10:37:12 +0200 Subject: Usage of the Shard director ( rampup period ) In-Reply-To: References: Message-ID: Hello Guys, thanks a lot for the answer Geof. The shard director does what is expected to do. It was a misunderstanding from my side. Thanks again and sorry for the noise Regards On Thu, Nov 14, 2019 at 8:32 PM Geoff Simmons wrote: > On 11/14/19 11:43, Yiannis Karayiannidis wrote: > > > > sub vcl_init { > > new dir_b = directors.shard(); > > dir_b .add_backend(wb3); > > dir_b .add_backend(wb2); > > dir_b.add_backend(wb1); > > dir_b .set_rampup(2m); > > dir_b .reconfigure(); > > } > > > > I'm trying to debug rampup period for a failed backend, cause it seems > to > > me that the server is getting back in the pool before the 2 minutes > rampup > > period. > > What exactly do you mean by "getting back in the pool before the 2 > minutes"? What were you expecting? > > Rampup means that requests are directed to a backend, gradually and > increasingly, during the rampup period after a backend is added to the > pool. Say after the backend goes from failing health probes to being > healthy again. > > Specifically, set_rampup(2m) means that during the two minutes after a > backend is added to the pool, requests are directed to the alternative > backend with linear decreasing probability, from 100% just after the > backend is added, to 0% after the two minutes are up. For example, at 90 > seconds, there is a 75% probability that the backend will receive > requests that sharding would direct to it. > > So it's to be expected that a backend will receive requests during rampup. > > > HTH, > Geoff > -- > ** * * UPLEX - Nils Goroll Systemoptimierung > > Scheffelstra?e 32 > 22301 Hamburg > > Tel +49 40 2880 5731 > Mob +49 176 636 90917 > Fax +49 40 42949753 > > http://uplex.de > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -- [image: Stoiximan Logo] Yiannis Karayiannidis Head of Systems Mob: +30 6981661410 <+30+6981661410> E-mail: y.karayiannidis at stoiximan.gr -------------- next part -------------- An HTML attachment was scrubbed... URL: From ntheo1986 at gmail.com Tue Nov 19 21:21:22 2019 From: ntheo1986 at gmail.com (Nikos Theodosiadis) Date: Tue, 19 Nov 2019 23:21:22 +0200 Subject: Varnish Issue Message-ID: Hello everyone, today i had a strange panic error on my Varnish. It is not really obvious to me what went wrong, any help would be much appreciated. I'm running varnish 6.0.3 Panic at: Tue, 19 Nov 2019 19:28:02 GMT Assert error in vbf_stp_error(), cache/cache_fetch.c line 800:Condition((VSB_finish(synth_body)) == 0) not true. version = varnish-6.0.3 revision 7d1ded3aa033a018317dbafc61587026ea2ef8a3, vrt api = 7.0 ident = Linux,3.10.0-693.11.6.el7.x86_64,x86_64,-junix,-smalloc,-sdefault,-hcritbit,epoll now = 17076364.384963 (mono), 1574191668.252235 (real) Backtrace: errno = 12 (Cannot allocate memory) thread = (cache-worker) thr.req = (nil) { }, thr.busyobj = 0x7fada9c7e020 { end = 0x7fada9c8e000, retries = 0, sp = 0x7fad00501620 { fd = 13433, vxid = 694059016, t_open = 1574191668.121636, t_idle = 1574191668.121636, ws = 0x7fad00501660 { id = \"ses\", {s, f, r, e} = {0x7fad00501698, +56, (nil), +352}, }, transport = HTTP/1 { state = HTTP1::Proc } client = 0.0.0.0 0 /dev/shm/varnish.sock, }, worker = 0x7fac63522bd0 { ws = 0x7fac63522c78 { id = \"wrk\", {s, f, r, e} = {0x7fac63522380, +0, (nil), +2040}, }, VCL::method = BACKEND_ERROR, VCL::return = fail, VCL::methods = {BACKEND_FETCH, BACKEND_RESPONSE, BACKEND_ERROR}, }, vfc = 0x7fada9c7ff10 { failed = 1, req = 0x7fada9c7e620, resp = 0x7fada9c7ea98, wrk = 0x7fac63522bd0, oc = 0x7fac9bd5f140, filters = { V1F_STRAIGHT = 0x7fada9c858c0 { priv1 = 0x7fada9c808c0, priv2 = 19999, closed = 0 }, }, obj_flags = 0x0, }, ws = 0x7fada9c7e058 { id = \"bo\", {s, f, r, e} = {0x7fada9c7ff58, +23096, (nil), +57504}, }, ws_bo = 0x7fada9c808a8, http[bereq] = 0x7fada9c7e620 { ws = 0x7fada9c7e058 { [Already dumped, see above] }, hdrs { \"GET\", \"/openreqs?_=1574191667646\", \"HTTP/1.1\", \"Host: www.xxx.yy\", \"X-Real-IP: 176.58.172.113\", \"X-Forwarded-Proto: https\", \"Accept-Encoding: gzip\", \"CF-IPCountry: GB\", \"accept: application/json, text/javascript, /; q=0.01\", \"dnt: 1\", \"x-requested-with: XMLHttpRequest\", \"user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36\", \"sec-fetch-site: same-origin\", \"sec-fetch-mode: cors\", \"referer: https://www.xxx.yy/\", \"accept-language: en-GB,en;q=0.9,q=0.8,el;q=0.7,en-US;q=0.6,de;q=0.5\", \"CF-Connecting-IP: 176.58.172.113\", \"CDN-Loop:MF\", \"X-Forwarded-For: 176.58.172.113, 176.58.172.113, 0.0.0.0\", \"sticky: 9.385\", \"cookie: __uid=d69a4ebccdf450dca2f56195270fb54101561187829; _landing=1;sticky=stx9.385; _tz=120; _tz_intl=Europe%2FLondon; ", \"X-defHash: /openreqs?_=1574191667646 + www.xxx.yy\", \"X-Varnish: 694059018\", }, }, http[beresp] = 0x7fada9c7ea98 { ws = 0x7fada9c7e058 { [Already dumped, see above] }, hdrs { \"HTTP/1.1\", \"503\", \"Backend fetch failed\", \"Date: Tue, 19 Nov 2019 19:27:48 GMT\", \"Server: Varnish\", \"Content-Type: text/html; charset=utf-8\", \"Retry-After: 5\", }, }, objcore[fetch] = 0x7fac9bd5f140 { refcnt = 2, flags = {busy, hfm, private}, exp_flags = {}, boc = 0x7fac9bd61ce0 { refcnt = 2, state = req_done, vary = (nil), stevedore_priv = (nil), }, exp = {1574191668.252177, 0.000000, 0.000000, 0.000000}, objhead = 0x7faeea0ce160, stevedore = (nil), }, flags = {do_stream, do_pass, uncacheable}, director_req = 0x7faeea0e1310 { vcl_name = web01, health = healthy, admin_health = probe, changed = 1574176692.243255, type = backend { display_name = boot.web01, ipv4 = xxx.xxx.xxx.xxx, port = 80, hosthdr = xxx.xxx.xxx.xxx, n_conn = 24, }, }, director_resp = director_req, vcl = { name = \"boot\", busy = 46459, discard = 0, state = auto, temp = warm, conf = { syntax = \"41\", srcname = { \"/etc/varnish/default.vcl\", \"Builtin\", \"/etc/varnish/origins1.vcl\", \"/etc/varnish/origins-2.vcl\", \"/etc/varnish/origins-3.vcl\", \"/etc/varnish/origins-others.vcl\", \"/etc/varnish/origins-4.vcl\", \"/etc/varnish/origins5.vcl\", \"/etc/varnish/ban.vcl\", \"/etc/varnish/backend_error.vcl\", }, }, }, }, vmods = { std = {Varnish 6.0.3 7d1ded3aa033a018317dbafc61587026ea2ef8a3, 0.0}, directors = {Varnish 6.0.3 7d1ded3aa033a018317dbafc61587026ea2ef8a3, 0.0}, cookie = {Varnish 6.0.3 7d1ded3aa033a018317dbafc61587026ea2ef8a3, 7.0}, header = {Varnish 6.0.3 7d1ded3aa033a018317dbafc61587026ea2ef8a3, 7.0}, }, Could you please take a look and advise? Thank you in advance Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From slink at schokola.de Wed Nov 20 01:53:34 2019 From: slink at schokola.de (Nils Goroll) Date: Wed, 20 Nov 2019 02:53:34 +0100 Subject: Varnish Issue In-Reply-To: References: Message-ID: <4c99b787-8b46-1cfe-1bfb-aadc04271cd1@schokola.de> On 19/11/2019 22:21, Nikos Theodosiadis wrote: > Assert error in vbf_stp_error(), cache/cache_fetch.c line > 800:Condition((VSB_finish(synth_body)) == 0) not true. > version = varnish-6.0.3 revision 7d1ded3aa033a018317dbafc61587026ea2ef8a3, vrt > api = 7.0 > ident = > Linux,3.10.0-693.11.6.el7.x86_64,x86_64,-junix,-smalloc,-sdefault,-hcritbit,epoll > now = 17076364.384963 (mono), 1574191668.252235 (real) > Backtrace: > errno = 12 (Cannot allocate memory) This was likely an out-of-memory condition. Varnish should generally be configured such that there is always some (100s of MB) memory available on the system. -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex.evonosky at gmail.com Tue Nov 26 14:56:31 2019 From: alex.evonosky at gmail.com (Alex Evonosky) Date: Tue, 26 Nov 2019 09:56:31 -0500 Subject: Simple VCL help? Message-ID: Hello fellow Varnish users- I hope this is not a redundant question, but I do have a simple question for a Varnish config: I am running Word-press behind a varnish cluster and everything works great. I do seem to have one simple issue. I want to allow a "pass" for Woo-commerce login which looks like this: */?page_id=1955&edit-account* My current vcl to pass logins for Word-press looks like: *sub vcl_recv { if (req.url ~ "wp-admin|wp-login") { return (pass);} * I just want to add the */?page_id=1955&edit-account* to the above so users can alo log in via that page as well. Is this possible? Thank you, Alex -------------- next part -------------- An HTML attachment was scrubbed... URL: From guillaume at varnish-software.com Tue Nov 26 15:12:29 2019 From: guillaume at varnish-software.com (Guillaume Quintard) Date: Tue, 26 Nov 2019 07:12:29 -0800 Subject: Simple VCL help? In-Reply-To: References: Message-ID: Hi Alex, You can do: *sub vcl_recv {* * if (req.url ~ "wp-admin|wp-login" ||* * (req.url ~ "*[^?]+\?([^&]*&)*page_id=1955(&|$)*") && * [^?]+\?([^&]*&)*edit-account(&|$)*) {* * return (pass);* * }* *} * There are vmods to handle this more cleanly, but this regex approach will work everywhere. -- Guillaume Quintard On Tue, Nov 26, 2019 at 6:57 AM Alex Evonosky wrote: > Hello fellow Varnish users- > > I hope this is not a redundant question, but I do have a simple question > for a Varnish config: > > > I am running Word-press behind a varnish cluster and everything works > great. I do seem to have one simple issue. > > > I want to allow a "pass" for Woo-commerce login which looks like this: > > */?page_id=1955&edit-account* > > > My current vcl to pass logins for Word-press looks like: > > > > > *sub vcl_recv { if (req.url ~ "wp-admin|wp-login") { return (pass);} * > > > I just want to add the */?page_id=1955&edit-account* to the above so > users can alo log in via that page as well. > > Is this possible? > > > Thank you, > Alex > > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex.evonosky at gmail.com Tue Nov 26 17:41:20 2019 From: alex.evonosky at gmail.com (Alex Evonosky) Date: Tue, 26 Nov 2019 12:41:20 -0500 Subject: Simple VCL help? In-Reply-To: References: Message-ID: Thank you Guillaume!! Alex On Tue, Nov 26, 2019 at 10:12 AM Guillaume Quintard < guillaume at varnish-software.com> wrote: > Hi Alex, > > You can do: > > > *sub vcl_recv {* > * if (req.url ~ "wp-admin|wp-login" ||* > * (req.url ~ "*[^?]+\?([^&]*&)*page_id=1955(&|$)*") && * > [^?]+\?([^&]*&)*edit-account(&|$)*) {* > * return (pass);* > * }* > *} * > > > There are vmods to handle this more cleanly, but this regex approach will > work everywhere. > > -- > Guillaume Quintard > > > On Tue, Nov 26, 2019 at 6:57 AM Alex Evonosky > wrote: > >> Hello fellow Varnish users- >> >> I hope this is not a redundant question, but I do have a simple question >> for a Varnish config: >> >> >> I am running Word-press behind a varnish cluster and everything works >> great. I do seem to have one simple issue. >> >> >> I want to allow a "pass" for Woo-commerce login which looks like this: >> >> */?page_id=1955&edit-account* >> >> >> My current vcl to pass logins for Word-press looks like: >> >> >> >> >> *sub vcl_recv { if (req.url ~ "wp-admin|wp-login") { return (pass);} * >> >> >> I just want to add the */?page_id=1955&edit-account* to the above so >> users can alo log in via that page as well. >> >> Is this possible? >> >> >> Thank you, >> Alex >> >> >> _______________________________________________ >> varnish-misc mailing list >> varnish-misc at varnish-cache.org >> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex.evonosky at gmail.com Tue Nov 26 17:49:34 2019 From: alex.evonosky at gmail.com (Alex Evonosky) Date: Tue, 26 Nov 2019 12:49:34 -0500 Subject: Simple VCL help? In-Reply-To: References: Message-ID: getting: VCL compilation failed Error: Message from VCC-compiler: Syntax error at ('/etc/varnish/default.vcl' Line 72 Pos 92) if (req.url ~ "wp-admin|wp-login" || (req.url ~ "[^?]+\?([^&]*&)*page_id=1955(&|$)") && [^?]+\?([^&]*&)*edit-account(&|$)) { -------------------------------------------------------------------------------------------#----------------------------------- Running VCC-compiler failed, exited with 2 VCL compilation failed On Tue, Nov 26, 2019 at 10:12 AM Guillaume Quintard < guillaume at varnish-software.com> wrote: > Hi Alex, > > You can do: > > > *sub vcl_recv {* > * if (req.url ~ "wp-admin|wp-login" ||* > * (req.url ~ "*[^?]+\?([^&]*&)*page_id=1955(&|$)*") && * > [^?]+\?([^&]*&)*edit-account(&|$)*) {* > * return (pass);* > * }* > *} * > > > There are vmods to handle this more cleanly, but this regex approach will > work everywhere. > > -- > Guillaume Quintard > > > On Tue, Nov 26, 2019 at 6:57 AM Alex Evonosky > wrote: > >> Hello fellow Varnish users- >> >> I hope this is not a redundant question, but I do have a simple question >> for a Varnish config: >> >> >> I am running Word-press behind a varnish cluster and everything works >> great. I do seem to have one simple issue. >> >> >> I want to allow a "pass" for Woo-commerce login which looks like this: >> >> */?page_id=1955&edit-account* >> >> >> My current vcl to pass logins for Word-press looks like: >> >> >> >> >> *sub vcl_recv { if (req.url ~ "wp-admin|wp-login") { return (pass);} * >> >> >> I just want to add the */?page_id=1955&edit-account* to the above so >> users can alo log in via that page as well. >> >> Is this possible? >> >> >> Thank you, >> Alex >> >> >> _______________________________________________ >> varnish-misc mailing list >> varnish-misc at varnish-cache.org >> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex.evonosky at gmail.com Tue Nov 26 17:50:02 2019 From: alex.evonosky at gmail.com (Alex Evonosky) Date: Tue, 26 Nov 2019 12:50:02 -0500 Subject: Simple VCL help? In-Reply-To: References: Message-ID: sorry, forgot to add: vcl 4.1; On Tue, Nov 26, 2019 at 12:49 PM Alex Evonosky wrote: > getting: > > VCL compilation failed > Error: > Message from VCC-compiler: > Syntax error at > ('/etc/varnish/default.vcl' Line 72 Pos 92) > if (req.url ~ "wp-admin|wp-login" || (req.url ~ > "[^?]+\?([^&]*&)*page_id=1955(&|$)") && [^?]+\?([^&]*&)*edit-account(&|$)) { > > -------------------------------------------------------------------------------------------#----------------------------------- > > Running VCC-compiler failed, exited with 2 > VCL compilation failed > > > > On Tue, Nov 26, 2019 at 10:12 AM Guillaume Quintard < > guillaume at varnish-software.com> wrote: > >> Hi Alex, >> >> You can do: >> >> >> *sub vcl_recv {* >> * if (req.url ~ "wp-admin|wp-login" ||* >> * (req.url ~ "*[^?]+\?([^&]*&)*page_id=1955(&|$)*") && * >> [^?]+\?([^&]*&)*edit-account(&|$)*) {* >> * return (pass);* >> * }* >> *} * >> >> >> There are vmods to handle this more cleanly, but this regex approach will >> work everywhere. >> >> -- >> Guillaume Quintard >> >> >> On Tue, Nov 26, 2019 at 6:57 AM Alex Evonosky >> wrote: >> >>> Hello fellow Varnish users- >>> >>> I hope this is not a redundant question, but I do have a simple question >>> for a Varnish config: >>> >>> >>> I am running Word-press behind a varnish cluster and everything works >>> great. I do seem to have one simple issue. >>> >>> >>> I want to allow a "pass" for Woo-commerce login which looks like this: >>> >>> */?page_id=1955&edit-account* >>> >>> >>> My current vcl to pass logins for Word-press looks like: >>> >>> >>> >>> >>> *sub vcl_recv { if (req.url ~ "wp-admin|wp-login") { return >>> (pass);} * >>> >>> >>> I just want to add the */?page_id=1955&edit-account* to the above so >>> users can alo log in via that page as well. >>> >>> Is this possible? >>> >>> >>> Thank you, >>> Alex >>> >>> >>> _______________________________________________ >>> varnish-misc mailing list >>> varnish-misc at varnish-cache.org >>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From guillaume at varnish-software.com Wed Nov 27 16:27:57 2019 From: guillaume at varnish-software.com (Guillaume Quintard) Date: Wed, 27 Nov 2019 08:27:57 -0800 Subject: Wrong VMOD_ABI_Version in 6.0.5 src rpm In-Reply-To: References: Message-ID: Hi, Moving to varnish-misc. This isn't a mistake, the ABI version is basically the git commit hash of the version, so each new version will have a different value. Vmods can require either a loose or a strict API/ABI compatibility. Loose is only a check on the external API number (7.x at the moment I believe) and strict is what you are experiencing. You either need to rebuild your vmods, or, if possible, switch to a loose check (only if you don't use internal APIs) Hope that clarifies things. On Wed, Nov 27, 2019, 04:22 Massimiliano Bellomi < massimiliano at scientiamobile.com> wrote: > Hi, > > it seems that the source rpm package published on packagecloud.io ( > https://packagecloud.io/varnishcache/varnish60lts/packages/el/7/varnish-6.0.5-1.el7.src.rpm > ) > contains a wrong VMOD_ABI_Version define. > > #define VMOD_ABI_Version "Varnish 6.0.4 > 204a927f4a4283529fc89f5182fe8cc3f2d0f617" > instead of > #define VMOD_ABI_Version "Varnish 6.0.5 > 3065ccaacc4bb537fb976a524bd808db42c5fe40" > > This cause a "Incompatible VMOD" message when you try to import modules > built using that source package. > > The source package listed in the 6.0.5 release page ( > https://varnish-cache.org/releases/rel6.0.5.html) contains the > right VMOD_ABI_Version define > > Regards > -Massimiliano > -- > Massimiliano Bellomi > Senior Software Engineer > Scientiamobile Italy - massimiliano at scientiamobile.com +39 338 6990288 > Milano Office : +39 02 620227260 > skype: massimiliano.bellomi > _______________________________________________ > varnish-dist mailing list > varnish-dist at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dist > -------------- next part -------------- An HTML attachment was scrubbed... URL: From geoff at uplex.de Wed Nov 27 16:40:32 2019 From: geoff at uplex.de (Geoff Simmons) Date: Wed, 27 Nov 2019 17:40:32 +0100 Subject: Wrong VMOD_ABI_Version in 6.0.5 src rpm In-Reply-To: References: Message-ID: <1ea4dbfd-349d-5ff6-a992-4fadc8d0e540@uplex.de> On 11/27/19 17:27, Guillaume Quintard wrote: >> >> https://packagecloud.io/varnishcache/varnish60lts/packages/el/7/varnish-6.0.5-1.el7.src.rpm Note version 6.0.5. >> contains a wrong VMOD_ABI_Version define. >> >> #define VMOD_ABI_Version "Varnish 6.0.4 >> 204a927f4a4283529fc89f5182fe8cc3f2d0f617" >> instead of >> #define VMOD_ABI_Version "Varnish 6.0.5 >> 3065ccaacc4bb537fb976a524bd808db42c5fe40" I think the problem here is not the usual hassle of updating VMODs with strict ABI compatibility. It looks like the wrong ABI version is declared. Best, Geoff -- ** * * UPLEX - Nils Goroll Systemoptimierung Scheffelstra?e 32 22301 Hamburg Tel +49 40 2880 5731 Mob +49 176 636 90917 Fax +49 40 42949753 http://uplex.de -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From guillaume at varnish-software.com Wed Nov 27 16:52:48 2019 From: guillaume at varnish-software.com (Guillaume Quintard) Date: Wed, 27 Nov 2019 08:52:48 -0800 Subject: Wrong VMOD_ABI_Version in 6.0.5 src rpm In-Reply-To: <1ea4dbfd-349d-5ff6-a992-4fadc8d0e540@uplex.de> References: <1ea4dbfd-349d-5ff6-a992-4fadc8d0e540@uplex.de> Message-ID: I stand corrected. I can have a look. -- Guillaume Quintard On Wed, Nov 27, 2019 at 8:40 AM Geoff Simmons wrote: > On 11/27/19 17:27, Guillaume Quintard wrote: > >> > >> > https://packagecloud.io/varnishcache/varnish60lts/packages/el/7/varnish-6.0.5-1.el7.src.rpm > > Note version 6.0.5. > > >> contains a wrong VMOD_ABI_Version define. > >> > >> #define VMOD_ABI_Version "Varnish 6.0.4 > >> 204a927f4a4283529fc89f5182fe8cc3f2d0f617" > > >> instead of > > >> #define VMOD_ABI_Version "Varnish 6.0.5 > >> 3065ccaacc4bb537fb976a524bd808db42c5fe40" > > I think the problem here is not the usual hassle of updating VMODs with > strict ABI compatibility. It looks like the wrong ABI version is declared. > > > Best, > Geoff > -- > ** * * UPLEX - Nils Goroll Systemoptimierung > > Scheffelstra?e 32 > 22301 Hamburg > > Tel +49 40 2880 5731 > Mob +49 176 636 90917 > Fax +49 40 42949753 > > http://uplex.de > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex.evonosky at gmail.com Thu Nov 28 03:50:16 2019 From: alex.evonosky at gmail.com (Alex Evonosky) Date: Wed, 27 Nov 2019 22:50:16 -0500 Subject: Simple VCL help? In-Reply-To: References: Message-ID: Does this require some import as well? On Tue, Nov 26, 2019 at 10:12 AM Guillaume Quintard < guillaume at varnish-software.com> wrote: > Hi Alex, > > You can do: > > > *sub vcl_recv {* > * if (req.url ~ "wp-admin|wp-login" ||* > * (req.url ~ "*[^?]+\?([^&]*&)*page_id=1955(&|$)*") && * > [^?]+\?([^&]*&)*edit-account(&|$)*) {* > * return (pass);* > * }* > *} * > > > There are vmods to handle this more cleanly, but this regex approach will > work everywhere. > > -- > Guillaume Quintard > > > On Tue, Nov 26, 2019 at 6:57 AM Alex Evonosky > wrote: > >> Hello fellow Varnish users- >> >> I hope this is not a redundant question, but I do have a simple question >> for a Varnish config: >> >> >> I am running Word-press behind a varnish cluster and everything works >> great. I do seem to have one simple issue. >> >> >> I want to allow a "pass" for Woo-commerce login which looks like this: >> >> */?page_id=1955&edit-account* >> >> >> My current vcl to pass logins for Word-press looks like: >> >> >> >> >> *sub vcl_recv { if (req.url ~ "wp-admin|wp-login") { return (pass);} * >> >> >> I just want to add the */?page_id=1955&edit-account* to the above so >> users can alo log in via that page as well. >> >> Is this possible? >> >> >> Thank you, >> Alex >> >> >> _______________________________________________ >> varnish-misc mailing list >> varnish-misc at varnish-cache.org >> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From guillaume at varnish-software.com Thu Nov 28 06:25:00 2019 From: guillaume at varnish-software.com (Guillaume Quintard) Date: Wed, 27 Nov 2019 22:25:00 -0800 Subject: Simple VCL help? In-Reply-To: References: Message-ID: my bad, I missed a couple of things on the second test: sub vcl_recv { if (req.url ~ "wp-admin|wp-login" || (req.url ~ "[^?]+\?([^&]*&)*page_id=1955(&|$)" && req.url ~ "[^?]+\?([^&]*&)*edit-account(&|$)")) { return (pass); } } sorry about that -- Guillaume Quintard On Wed, Nov 27, 2019 at 7:50 PM Alex Evonosky wrote: > Does this require some import as well? > > > > On Tue, Nov 26, 2019 at 10:12 AM Guillaume Quintard < > guillaume at varnish-software.com> wrote: > >> Hi Alex, >> >> You can do: >> >> >> *sub vcl_recv {* >> * if (req.url ~ "wp-admin|wp-login" ||* >> * (req.url ~ "*[^?]+\?([^&]*&)*page_id=1955(&|$)*") && * >> [^?]+\?([^&]*&)*edit-account(&|$)*) {* >> * return (pass);* >> * }* >> *} * >> >> >> There are vmods to handle this more cleanly, but this regex approach will >> work everywhere. >> >> -- >> Guillaume Quintard >> >> >> On Tue, Nov 26, 2019 at 6:57 AM Alex Evonosky >> wrote: >> >>> Hello fellow Varnish users- >>> >>> I hope this is not a redundant question, but I do have a simple question >>> for a Varnish config: >>> >>> >>> I am running Word-press behind a varnish cluster and everything works >>> great. I do seem to have one simple issue. >>> >>> >>> I want to allow a "pass" for Woo-commerce login which looks like this: >>> >>> */?page_id=1955&edit-account* >>> >>> >>> My current vcl to pass logins for Word-press looks like: >>> >>> >>> >>> >>> *sub vcl_recv { if (req.url ~ "wp-admin|wp-login") { return >>> (pass);} * >>> >>> >>> I just want to add the */?page_id=1955&edit-account* to the above so >>> users can alo log in via that page as well. >>> >>> Is this possible? >>> >>> >>> Thank you, >>> Alex >>> >>> >>> _______________________________________________ >>> varnish-misc mailing list >>> varnish-misc at varnish-cache.org >>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex.evonosky at gmail.com Thu Nov 28 20:15:36 2019 From: alex.evonosky at gmail.com (Alex Evonosky) Date: Thu, 28 Nov 2019 15:15:36 -0500 Subject: Simple VCL help? In-Reply-To: References: Message-ID: Thank you Guillaume for the response.. the VCL parsed without issue, however it did not solve my problem. I just used HAproxy to route around Varnish for that one login page. thank you again! Alex On Thu, Nov 28, 2019 at 1:25 AM Guillaume Quintard < guillaume at varnish-software.com> wrote: > my bad, I missed a couple of things on the second test: > > sub vcl_recv { > if (req.url ~ "wp-admin|wp-login" || > (req.url ~ "[^?]+\?([^&]*&)*page_id=1955(&|$)" && req.url ~ > "[^?]+\?([^&]*&)*edit-account(&|$)")) { > return (pass); > } > } > > > sorry about that > > -- > Guillaume Quintard > > > On Wed, Nov 27, 2019 at 7:50 PM Alex Evonosky > wrote: > >> Does this require some import as well? >> >> >> >> On Tue, Nov 26, 2019 at 10:12 AM Guillaume Quintard < >> guillaume at varnish-software.com> wrote: >> >>> Hi Alex, >>> >>> You can do: >>> >>> >>> *sub vcl_recv {* >>> * if (req.url ~ "wp-admin|wp-login" ||* >>> * (req.url ~ "*[^?]+\?([^&]*&)*page_id=1955(&|$)*") && * >>> [^?]+\?([^&]*&)*edit-account(&|$)*) {* >>> * return (pass);* >>> * }* >>> *} * >>> >>> >>> There are vmods to handle this more cleanly, but this regex approach >>> will work everywhere. >>> >>> -- >>> Guillaume Quintard >>> >>> >>> On Tue, Nov 26, 2019 at 6:57 AM Alex Evonosky >>> wrote: >>> >>>> Hello fellow Varnish users- >>>> >>>> I hope this is not a redundant question, but I do have a simple >>>> question for a Varnish config: >>>> >>>> >>>> I am running Word-press behind a varnish cluster and everything works >>>> great. I do seem to have one simple issue. >>>> >>>> >>>> I want to allow a "pass" for Woo-commerce login which looks like this: >>>> >>>> */?page_id=1955&edit-account* >>>> >>>> >>>> My current vcl to pass logins for Word-press looks like: >>>> >>>> >>>> >>>> >>>> *sub vcl_recv { if (req.url ~ "wp-admin|wp-login") { return >>>> (pass);} * >>>> >>>> >>>> I just want to add the */?page_id=1955&edit-account* to the above so >>>> users can alo log in via that page as well. >>>> >>>> Is this possible? >>>> >>>> >>>> Thank you, >>>> Alex >>>> >>>> >>>> _______________________________________________ >>>> varnish-misc mailing list >>>> varnish-misc at varnish-cache.org >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>> >>> -------------- next part -------------- An HTML attachment was scrubbed... URL: