Fix Varnish from losing REMOTE_ADDR IP address

So!
You got Varnish serving up cached pages! Great!
Until you realise that when you grab a users $_SERVER[‘REMOTE_ADDR’], you get your server IP address!
Not good! Lets fix that, using reverse proxy add forward module for Apache (mod_rpaf)

wget http://www.stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
tar -zxvf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

Now it’s installed, you need to add some guff to your Apache httpd.conf. If you are crippled by a cPanel install, then you edit it by going into WHM, clicking Apache Configuration, Include Editor, and under Pre Main Include select all versions of Apache.  Paste in the following, inserting your servers IP address where I’ve written “Server.IP.Goes.Here”.

LoadModule rpaf_module modules/mod_rpaf-2.0.so
# mod_rpaf Configuration
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 Server.IP.Goes.Here
RPAFheader X-Forwarded-For

Thats you! cPanel/WHM should restart the Apache server. Obviously command line commandos will type service httpd restart or one of the other similar commands, depending on your OS.
Now when you check, you will find you are getting the correct REMOTE_ADDR again!

Advertisements

Install Varnish Caching on CentOS with or without cPanel interference

Without messing with cPanel or Apache’s setup, we can still install Varnish to cache our pages a lot quicker, via the iptables firewall!

The problem was that changing the apache httpd.conf didnt work as expected, as cPanel does a lot of auto generating and tweaking of system files. yuk. i much prefer a terminal any day. Anyway! Lets have a look:

yum install varnish
nano /etc/sysconfig/varnish

comment out configuration 1, 3, and 4, uncomment config 2 and set as follows:

DAEMON_OPTS = " -a :8080 \                                          
                -T localhost:6082 \             
                -f /etc/varnish/default.vcl \              
                -S /etc/varnish/secret \             
                -s malloc,256m"

The -a line is the port varnish will run on. In a normal configuration, Varnish will take over port 80, so make it port 80. In the case of a server using cPanel, if you cant change your apache port to 8080, then you can set varnish to 8080 instead.

nano /etc/varnish/default.vcl

backend default {
    .host = "127.0.0.1";
    .port = "80";
}

The backend is Apache. In a normal varnish setup, this port should be 8080.  Using a reverse system using iptables, apache stays as port 80. Also, the host should become the external IP in this configuration.

Now, depending on your setup, depends what happens next.

Without cPanel, under a standard setup, you will have set Varnish to port 80 and Apache to port 8080. In this case, you must edit your apache httpd.conf, searching and replacing :80 with :8080. Then just stop and start the services as below, skipping the iptables stuff.

With cPanel, we can leave that alone and instead use an iptable rule to send all port 80 requests to varnish at port 8080. Edit ~/.bashrc, pasting this in:

alias varnishon='iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'
alias varnishoff='iptables -t nat -D PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'
alias varnishstatus='iptables -L -t nat |grep -q 8080; if [ "test$?" = "test0" ]; then echo "Varnish On"; else echo "Varnish Off"; fi'

 

You can now call, varnishon, varnishoff, and varnishstatus next login. So logout and login.

Restart Apache and start up varnish:

service httpd restart
service varnish start

You should be able to access your site on port 80 AND port 8080. The difference? Run a curl command to see the headers:

curl -I http://mysite.com
curl -I http://mysite.com:8080

You’ll see the port 8080 mentions varnish.

Last thing to do is enable the iptables rule: Type in your alias command you put in bashrc:

varnishon

Now port 80 is routing to port 8080, and you have varnished pages, and haven’t touched your cPanel setup!

Considerations: the header shows the page in this weird cPanel workaround setup as 301 moved permanently. Also, the site i was using captured IP addresses, but due to the proxy nature of this setup, the ips captured belonged to the server! The actual way should be to have Apache on 8080 and varnish on 80, and no ip rules at all. If you have access to WHM or cPanel, you are looking for tweak settings, and change the default apache port to 8080 in there! Good luck!