Fix Varnish from losing REMOTE_ADDR IP address

You got Varnish serving up cached pages! Great!
Until you realise that when you grab a users $_SERVER[‘REMOTE_ADDR’], you get your server IP address!
Not good! Lets fix that, using reverse proxy add forward module for Apache (mod_rpaf)

tar -zxvf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
apxs -i -c -n mod_rpaf-2.0.c

Now it’s installed, you need to add some guff to your Apache httpd.conf. If you are crippled by a cPanel install, then you edit it by going into WHM, clicking Apache Configuration, Include Editor, and under Pre Main Include select all versions of Apache.  Paste in the following, inserting your servers IP address where I’ve written “Server.IP.Goes.Here”.

LoadModule rpaf_module modules/
# mod_rpaf Configuration
RPAFenable On
RPAFsethostname On
RPAFproxy_ips Server.IP.Goes.Here
RPAFheader X-Forwarded-For

Thats you! cPanel/WHM should restart the Apache server. Obviously command line commandos will type service httpd restart or one of the other similar commands, depending on your OS.
Now when you check, you will find you are getting the correct REMOTE_ADDR again!

Install Varnish Caching on CentOS with or without cPanel interference

Without messing with cPanel or Apache’s setup, we can still install Varnish to cache our pages a lot quicker, via the iptables firewall!

The problem was that changing the apache httpd.conf didnt work as expected, as cPanel does a lot of auto generating and tweaking of system files. yuk. i much prefer a terminal any day. Anyway! Lets have a look:

yum install varnish
nano /etc/sysconfig/varnish

comment out configuration 1, 3, and 4, uncomment config 2 and set as follows:

DAEMON_OPTS = " -a :8080 \                                          
                -T localhost:6082 \             
                -f /etc/varnish/default.vcl \              
                -S /etc/varnish/secret \             
                -s malloc,256m"

The -a line is the port varnish will run on. In a normal configuration, Varnish will take over port 80, so make it port 80. In the case of a server using cPanel, if you cant change your apache port to 8080, then you can set varnish to 8080 instead.

nano /etc/varnish/default.vcl

backend default {
    .host = "";
    .port = "80";

The backend is Apache. In a normal varnish setup, this port should be 8080.  Using a reverse system using iptables, apache stays as port 80. Also, the host should become the external IP in this configuration.

Now, depending on your setup, depends what happens next.

Without cPanel, under a standard setup, you will have set Varnish to port 80 and Apache to port 8080. In this case, you must edit your apache httpd.conf, searching and replacing :80 with :8080. Then just stop and start the services as below, skipping the iptables stuff.

With cPanel, we can leave that alone and instead use an iptable rule to send all port 80 requests to varnish at port 8080. Edit ~/.bashrc, pasting this in:

alias varnishon='iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'
alias varnishoff='iptables -t nat -D PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'
alias varnishstatus='iptables -L -t nat |grep -q 8080; if [ "test$?" = "test0" ]; then echo "Varnish On"; else echo "Varnish Off"; fi'


You can now call, varnishon, varnishoff, and varnishstatus next login. So logout and login.

Restart Apache and start up varnish:

service httpd restart
service varnish start

You should be able to access your site on port 80 AND port 8080. The difference? Run a curl command to see the headers:

curl -I
curl -I

You’ll see the port 8080 mentions varnish.

Last thing to do is enable the iptables rule: Type in your alias command you put in bashrc:


Now port 80 is routing to port 8080, and you have varnished pages, and haven’t touched your cPanel setup!

Considerations: the header shows the page in this weird cPanel workaround setup as 301 moved permanently. Also, the site i was using captured IP addresses, but due to the proxy nature of this setup, the ips captured belonged to the server! The actual way should be to have Apache on 8080 and varnish on 80, and no ip rules at all. If you have access to WHM or cPanel, you are looking for tweak settings, and change the default apache port to 8080 in there! Good luck!

Manually compiling PHP modules successfully

This look familiar?

PHP Warning:  PHP Startup: memcached: Unable to initialize module
Module compiled with module API=20090626
PHP    compiled with module API=20100525
These options need to match

I don’t know about you, but i like to be up to date! My PHP is on 5.5, and I had to install some modules. But sometimes, old versions can rear their ugly head, and cause all manner of grief. Package managers do a good job to take care of all this for you, but sometimes they just don’t work. Leaving you to compile yourself! So lets do it! I’m going to install memcached, and then the imagick libraries (now i know what i’m doing!)

I’m doing this on a CentOS 6 server, but as we are doing the old skool way of compiling etc, this should work on any other flavour of Linux, or indeed Mac OS X.

First step is to download your .tar.gz  then unzip it with tar -zxvf file.tar.gz and change into the folder.
Bring up a web page displaying your servers php.ini. You are looking for the version of PHP API, and the extension_dir.
In your terminal, cd into the module source code folder, and type phpize.

If when you check the API versions , they are different from your php.ini, then an old version of php is being used in the terminal, and your module will not work! In this case, you need to get it to use the correct phpize.

type 'which phpize' to find out where the offending file is. (mine was /usr/bin/phpize)

My PHP appeared to be in /usr/local, so I tried running /usr/local/phpize. The API’s matched. So then I did the following:

mv /usr/bin/phpize /usr/bin/phpize-old
 ln -s /usr/local/bin/phpize /usr/bin/phpize

Half way there! We need to do the same for php-config

mv /usr/bin/php-config /usr/bin/php-config-old
 ln -s /usr/local/bin/php-config /usr/bin/php-config

Now you have done that, installation should be trivial, and work as per loads of tutorial/instrruction pages on the web.

 make install

Finally edit your php.ini and add ‘extension =’ (or whatever module you compiled), and restart your apache server!

EDIT : you may need to run ‘phpize –clean’ if it is still compiling with the older stuff from within the modules source folder