This shows you the differences between two versions of the page.
Previous revision | |||
— | fuss:varnish [2024/06/12 20:01] (current) – office | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Use Disk Cache ====== | ||
+ | To use the disk cache instead of the memory cache, edit the Varnish command line and locate the '' | ||
+ | < | ||
+ | -s malloc,256m | ||
+ | </ | ||
+ | which uses memory storage of 256MiB, to: | ||
+ | < | ||
+ | -s file,/ | ||
+ | </ | ||
+ | |||
+ | where: | ||
+ | * ''/ | ||
+ | * '' | ||
+ | |||
+ | ====== Passing the Real IP Address to Apache from Cloudflare ====== | ||
+ | |||
+ | The following are some notes on getting the real IP address passed to Apache when Varnish and Cloudflare sit in front of Apache. For this to work, all other "real IP" Apache modules must be disabled, such as " | ||
+ | |||
+ | < | ||
+ | v | ||
+ | | | ||
+ | | | ||
+ | +-----+------+ | ||
+ | | Cloudflare | | ||
+ | +-----+------+ | ||
+ | | | ||
+ | | | ||
+ | +-----+------+ | ||
+ | | Varnish | ||
+ | +-----+------+ | ||
+ | | | ||
+ | | | ||
+ | +-----+------+ | ||
+ | | | ||
+ | +------------+ | ||
+ | |||
+ | </ | ||
+ | |||
+ | If Cloudflare is proxying requests for Apache, then Cloudflare passes the real IP address of the hit to Apache via the '' | ||
+ | |||
+ | < | ||
+ | if (req.http.cf-connecting-ip) { | ||
+ | set req.http.X-Forwarded-For = req.http.cf-connecting-ip; | ||
+ | } else { | ||
+ | set req.http.X-Forwarded-For = client.ip; | ||
+ | } | ||
+ | |||
+ | </ | ||
+ | |||
+ | The code is written to account for the case where the client IP address is passed directly without Cloudflare in the second part of the conditional block. | ||
+ | |||
+ | Lastly, the varnish logging facility, " | ||
+ | |||
+ | < | ||
+ | [Unit] | ||
+ | Description=Varnish HTTP accelerator log daemon | ||
+ | Documentation=https:// | ||
+ | After=varnish.service | ||
+ | |||
+ | [Service] | ||
+ | Type=forking | ||
+ | PIDFile=/ | ||
+ | RuntimeDirectory=varnishncsa | ||
+ | User=varnishlog | ||
+ | Group=varnish | ||
+ | ExecStart=/ | ||
+ | ExecReload=/ | ||
+ | PrivateDevices=true | ||
+ | PrivateTmp=true | ||
+ | ProtectHome=true | ||
+ | ProtectSystem=full | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
+ | |||
+ | </ | ||
+ | |||
+ | The change here is the formatting line of the log files produced by varnishncsa passed to the '' | ||
+ | |||
+ | < | ||
+ | -F ' | ||
+ | </ | ||
+ | |||
+ | ====== CloudFlare IPv6 and Blocking with Varnish ====== | ||
+ | |||
+ | Project Honeypot [[/ | ||
+ | |||
+ | Unfortunately, | ||
+ | < | ||
+ | if(req.http.cf-connecting-ip ~ " | ||
+ | return(synth(400, | ||
+ | } | ||
+ | |||
+ | </ | ||
+ | in the Varnish configuration. |
For the contact, copyright, license, warranty and privacy terms for the usage of this website please see the contact, license, privacy, copyright.