How to integrate Varnish in Plesk on Debian Server

Install varnish.
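# Add the Varnish repository and install Varnish 3.0.
# The signing key and the repository are both fetched over plain HTTP, so
# nothing authenticates the key itself: compare its fingerprint (shown by
# `apt-key fingerprint`) with one obtained through a separate trusted channel
# before running apt-get update.
curl http://repo.varnish-cache.org/debian/GPG-key.txt | apt-key add -
# Append (>>) the repository entry; the redirection is required, otherwise the
# line is only printed and sources.list is left unchanged.
printf '\n## Varnish\n#\ndeb http://repo.varnish-cache.org/debian/ lenny varnish-3.0\n' >> /etc/apt/sources.list
apt-get update
apt-get install varnish libvarnishapi1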
Configure varnish.
egrep -v "^#|^$" /etc/default/varnish
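# /etc/default/varnish: settings read by the Varnish init script.
START=yes
NFILES=131072
MEMLOCK=82000
# Options passed to varnishd. The notes are kept outside the quoted string:
# text placed after a backslash inside the quotes becomes part of the value
# and breaks the line continuation.
#   -a :80                        the daemon listens on port 80
#   -T localhost:6082             the administration console is reachable on this host:port
#   -f /etc/varnish/default.vcl   default configuration file (the so-called main configuration file)
#   -S /etc/varnish/secret        secret hash, used for authN and authZ
#   -p thread_pool_min=200        minimum number of idle threads
#   -p thread_pool_max=4000       maximum number of threads
#   -p thread_pool_add_delay=2    reduces the time needed to start a thread
#   -p thread_pools=4             this value is determined by the number of CPU cores of the machine
#   -p session_linger=100         to avoid too much context switching when you starve your CPU
#   -s malloc,4096m               cache storage type and size; here RAM is used, segment size 4096 MB
DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -p thread_pool_min=200 \
             -p thread_pool_max=4000 \
             -p thread_pool_add_delay=2 \
             -p thread_pools=4 \
             -p session_linger=100 \
             -s malloc,4096m"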
cat /etc/varnish/default.vcl
...................................
// Apache backend on port 8080; the placeholder name suggests the Plesk
// server's public IP.
// NOTE(review): if Apache listens on a public address, port 8080 has to be
// closed to outside clients by the firewall. A client that reaches Apache
// directly skips every check made in the VCL.
backend backend_0 {
        .host = "${pleskpublicip}";
        .port = "8080";
        // Health probe: requests "/" once per interval with a 10 s timeout; window/threshold are 5 and 3.
        .probe = { .url = "/"; .interval = 1h; .timeout = 10 s; .window = 5; .threshold = 3; }
}

// Second Apache backend on port 8080 (placeholder for another public IP),
// with the same health probe settings as backend_0.
backend backend_1 {
        .host = "${pleskpublicip2}";
        .port = "8080";
        .probe = { .url = "/"; .interval = 1h; .timeout = 10 s; .window = 5; .threshold = 3; }
}

// Apache backend on port 8080, addressed on the internal IP (placeholder),
// with the same health probe settings as the other backends.
backend backend_2 {
        .host = "${pleskinternalip}";
        .port = "8080";
        .probe = { .url = "/"; .interval = 1h; .timeout = 10 s; .window = 5; .threshold = 3; }
}

sub vcl_recv {

if (req.http.host ~ "^(www\.)?example\.com$") {
        set req.backend = custom1;
}   else {
        set req.backend = backend_0;
}

Example varnish config file:

plesk01:~# cat /etc/varnish/default.vcl 
// Clients that may invalidate cached objects by sending
// "Cache-Control: no-cache" (checked in vcl_recv) and that receive the
// X-Cacheable / X-Cache debug headers (vcl_fetch, vcl_deliver).
// The ACL is matched against client.ip, so keep the listed ranges as narrow
// as possible.
acl purge {
  "localhost";
  "127.0.0.1";
  "192.168.1.0"/24; /* Private IP Ranges */
  "212.212.212.0"/24; /* Public developers IP Ranges */
}

// Clients allowed to use the /check end-point and to read /server-status
// (both checked in vcl_recv): local addresses and the private range only.
acl admins {
   "localhost";
   "127.0.0.1";
   "192.168.1.0"/24;
}

// Default backend: Apache on port 8080; the placeholder name suggests a
// public IP.
// NOTE(review): if this address is public, port 8080 has to be closed to
// outside clients by the firewall; requests sent straight to Apache bypass
// the ACLs and header normalisation done in vcl_recv.
backend backend_0 {
  .host = "${public_ip1}";
  .port = "8080";
  // Health probe: requests "/" once per interval with a 10 s timeout; window/threshold are 5 and 3.
  .probe = { .url = "/"; .interval = 1h; .timeout = 10 s; .window = 5; .threshold = 3; }
}

// Apache on the internal address (placeholder), port 8080. vcl_recv selects
// this backend for /server-status requests from the admins ACL.
backend backend_1 {
  .host = "${internal_ip1}";
  .port = "8080";
  .probe = { .url = "/"; .interval = 1h; .timeout = 10 s; .window = 5; .threshold = 3; }
}

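// Request entry point (Varnish 3 syntax): selects the backend, normalises
// request headers and decides between lookup (static files), pass and pipe.
// The logical operators (&&) that had dropped out of the conditions in this
// listing are restored; without them the VCL does not compile.
sub vcl_recv {

  //exclude domains from cache
  //include "/etc/varnish/excludes.vcl";

  // Check end-point handler: answered from vcl_error (status 726), and only
  // for clients in the admins ACL
  if (req.url == "/check" && client.ip ~ admins) {
    error 726 "OK";
  }

  // Apache server-status is served from backend_1 and only to the admins ACL.
  // The pattern is anchored at the end only, so every URL ending in
  // /server-status takes this branch.
  if (req.url ~ "/server-status$") {
    if (!client.ip ~ admins) {
      error 405 "Not allowed";
    } else {
      set req.backend = backend_1;
      return (pass);
    }
  }

  set req.backend = backend_0;

  // Including definitions for 301 redirects
  //include "/etc/varnish/redirects-set.vcl";

  // Let's have a little grace
  if (! req.backend.healthy) {
    set req.grace = 2h;
  } else {
    set req.grace = 1h;
  }

  // Normalizing hostnames to avoid double cache of same objects
  //include "/etc/varnish/vhosts.vcl";

  // Normalizing X-Forwarded-For header: whatever the client sent is dropped
  // and replaced by the address of the connecting peer, so the backend never
  // sees a client-chosen value here.
  remove req.http.X-Forwarded-For;
  set    req.http.X-Forwarded-For = client.ip;

  // NOTE(review): X-Forwarded-Proto is taken from the request as received.
  // Unless a TLS terminator in front of Varnish sets it, a client can send
  // "X-Forwarded-Proto: https" over plain HTTP and the backend may then treat
  // the request as HTTPS (verify how mod_rpaf's RPAF_SetHTTPS reads it).
  if (req.http.X-Forwarded-Proto == "https" ) {
    set req.http.X-Forwarded-Port = "443";
  } else {
    set req.http.X-Forwarded-Port = "80";
    set req.http.X-Forwarded-Proto = "http";
  }

  // Default request checks
  if (req.request != "GET" &&
      req.request != "HEAD" &&
      req.request != "PUT" &&
      req.request != "POST" &&
      req.request != "TRACE" &&
      req.request != "OPTIONS" &&
      req.request != "PURGE" &&
      req.request != "DELETE") {
    // Non-RFC2616 or CONNECT which is weird.
    return (pipe);
  }

  /* pass the request to apache backend if following conditions are satisfied:
     - Request for Server status
     - Authorization request
     - HTTP method other than GET, HEAD or PURGE
  */

  if ((req.request != "GET") && (req.request != "HEAD") && (req.request != "PURGE")) {
    return (pass);
  }

  if (req.http.Authorization) {
    return (pass);
  }

  if (req.http.Cache-control ~ "no-cache") {
    // Only clients in the purge ACL invalidate the cached object. The Host
    // header and URL are inserted into the ban expression as regular
    // expressions, unescaped, so a ban can match more than the one object.
    if (client.ip ~ purge) {
      ban("req.http.host ~ " + req.http.host + " && req.url ~ " + req.url);
    }
    return (pass);
  }

  if (req.http.pragma ~ "no-cache") {
    return (pass);
  }

  // We do not need to cache demo content developing by designers
  if (req.url ~ "/demo") {
    return (pass);
  }

  // Normalizing Accept-Encoding header
  if (req.http.Accept-Encoding) {
    if (req.url ~ "\.(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf)$") {
      // No point in compressing these
      remove req.http.Accept-Encoding;
    } elsif (req.http.Accept-Encoding ~ "gzip") {
      set req.http.Accept-Encoding = "gzip";
    } elsif (req.http.Accept-Encoding ~ "deflate") {
      set req.http.Accept-Encoding = "deflate";
    } else {
      // unknown algorithm
      remove req.http.Accept-Encoding;
    }
  }

  // Absolute-form request URLs are reduced to the path
  if (req.url ~ "^http://") {
    set req.url = regsub(req.url, "http://[^/]*", "");
  }

  if (req.http.Cookie) {
    set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__utm.=[^;]+;? *", "\1"); # removes all cookies named __utm? (utma, utmb...) - tracking thing

    if (req.http.Cookie == "") {
      remove req.http.Cookie;
    }
  }

  // Remove empty cookies.
  if (req.http.Cookie ~ "^\s*$") {
    unset req.http.Cookie;
  }

  // Cookie monster
  set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|has_js)=[^;]*", "");
  set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");

  // Cache things with these extensions
  if (req.url ~ "\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv|ivp|xml|htm|html|ico)(\?.*|)$") {
    // Remove the query string from real static files
    set req.url = regsub(req.url, "\?.*$", "");

    // Remove cookies for static content
    unset req.http.Cookie;

    // Removing extra headers
    unset req.http.User-Agent;
    unset req.http.Vary;

    return (lookup);
  }

  // Everything else goes to the backend uncached
  return (pass);
} // end of sub vcl_recv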

// Strip any cookies before an image/js/css is inserted into cache.
// Also: future-support for ESI. Dropped ($id Arruor exp)
// Runs after a response has been fetched from the backend: sets TTL and
// grace, rewrites caching headers and removes identifying response headers.
// NOTE(review): the braces in this listing do not balance. The "}" after
// "unset beresp.http.Cookie;" closes the sub as shown, so an enclosing "if"
// (presumably the static-file URL test) appears to be missing. Restore it
// before use and validate with "varnishd -C -f".
sub vcl_fetch {
  // we do not need to cache 404 error documents
  if (beresp.status == 404 || beresp.status == 403) {
        set beresp.ttl = 0s;
        return (deliver);
  }

  // Misbehaving servers protection
  if (beresp.status == 500) {
    set beresp.saintmode = 10s;
    return (restart);
  }
  set beresp.grace = 1h;

  // Avoiding too small ttls
  // NOTE(review): the comparison operator is missing from this condition in
  // the listing (presumably ">"); confirm against the original file.
  if (beresp.ttl  0s) {
      // Remove Expires from backend, it's not long enough
      //unset beresp.http.expires;

      // Set the clients TTL on this object to two weeks, I think two weeks is enough
      set beresp.http.cache-control = "max-age=1209600, public, no-transform";

      // Set how long Varnish will keep it, I think one month is enough
      set beresp.ttl = 4w;

      // marker for vcl_deliver to reset Age:
      set beresp.http.magicmarker = "1";
    }

     // NOTE(review): "Cookie" is a request header. Cookies issued by the
     // backend arrive in "Set-Cookie", which this sub never removes, so a
     // response carrying Set-Cookie can be stored with the 4w TTL and then
     // delivered to other clients. Unsetting beresp.http.Set-Cookie here is
     // what the comment above the sub describes.
     unset beresp.http.Cookie;
  }

  // The X-Cacheable debug header and the hit_for_pass decisions below apply
  // only to clients in the purge ACL
  if (client.ip ~ purge) {
  // Varnish determined the object was not cacheable
  if(req.http.Cookie ~"(UserID|_session)") {
    // You don't wish to cache content for logged in users
    set beresp.http.X-Cacheable = "NO:Got Session";
    return (hit_for_pass);
  }  elsif ( beresp.http.Cache-Control ~ "private") {
    // You are respecting the Cache-Control=private header from the backend
    set beresp.http.X-Cacheable = "NO:Cache-Control=private";
    return (hit_for_pass);
  }  else {
    // Varnish determined the object was cacheable
    set beresp.http.X-Cacheable = "YES";
  }
  }

  // Changing default Server Signature: the real value is replaced by a fixed
  // string that also embeds the request's Host header
  unset beresp.http.Server;
  set beresp.http.Server = "Apache 1.3.27 (FreeBSD) Server PHP/4.2.0 at " + req.http.host +" Port 80";

  unset beresp.http.X-Generator;
  unset beresp.http.X-Powered-By;
  unset beresp.http.Etag;
  unset beresp.http.Last-Modified;
  unset beresp.http.Pragma;
  unset beresp.http.Via;
  unset beresp.http.Cookie;
  // NOTE(review): with Vary removed the response carries no variant
  // information; confirm that no backend response depends on it.
  unset beresp.http.Vary;

  return (deliver);
} // end of sub vcl_fetch

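// Final clean-up of the response before it is sent to the client.
sub vcl_deliver {
  // Reset Age: header (if it's necessary)
  if (resp.http.magicmarker) {
    /* Remove the magic marker */
    unset resp.http.magicmarker;

    /* By definition we have a fresh object */
    set resp.http.Age = "0";
  }

  // Cache hit data is exposed only to clients in the purge ACL
  if (client.ip ~ purge) {
    // The ">" had dropped out of this comparison in the listing
    if (obj.hits > 0) {
      // on a hit, report it together with the hit count
      set resp.http.X-Cache = "HIT";
      set resp.http.X-Cache-Hits = obj.hits;
    } else {
      set resp.http.X-Cache = "MISS";
    }
  }

  // Headers that reveal Varnish in the request path are removed
  remove resp.http.X-Varnish;
  remove resp.http.Via;

  // Changing default Server Signature
  unset resp.http.Server;
  set resp.http.Server = "Apache 1.3.27 (FreeBSD) Server PHP/4.2.0 at " + req.http.host + " Port 80";

  return (deliver);
} // end of sub vcl_deliver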

// Called when vcl_recv returns pipe (request methods not on its list).
sub vcl_pipe {
  // This forces every pipe request to be the first one. ($id Arruor exp)
  set bereq.http.connection = "close";

  // Make sure we have the correct ip in x-forwarded-for ($id Arruor exp)
  // vcl_recv overwrites X-Forwarded-For with client.ip before it returns
  // pipe, so the first branch copies that normalised value.
  if (req.http.X-Forwarded-For) {
    set bereq.http.X-Forwarded-For = req.http.X-Forwarded-For;
  } else {
    // Fallback: client.ip with everything from the first ":" removed
    set bereq.http.X-Forwarded-For = regsub(client.ip, ":.*", "");
  }

  return (pipe);
} // end of sub vcl_pipe

// Passed requests go to the backend unchanged; nothing is added here.
sub vcl_pass {
  return (pass);
} // end of sub vcl_pass

// Cache miss: forward the client address to the backend, then fetch.
sub vcl_miss {
  // Make sure we have the correct ip in x-forwarded-for ($id Arruor exp)
  // vcl_recv has already replaced X-Forwarded-For with client.ip by the time
  // a lookup happens, so the first branch copies that normalised value.
  if (req.http.X-Forwarded-For) {
    set bereq.http.X-Forwarded-For = req.http.X-Forwarded-For;
  } else {
    // Fallback: client.ip with everything from the first ":" removed
    set bereq.http.X-Forwarded-For = regsub(client.ip, ":.*", "");
  }

  return (fetch);
} // end of sub vcl_miss

// Cache key: the request URL plus the Host header, or the server IP when the
// request has no Host header. No other request header enters the key.
sub vcl_hash {
    hash_data(req.url);
    if (req.http.host) {
        hash_data(req.http.host);
    } else {
        hash_data(server.ip);
    }
    return (hash);
}

// Cache hit: deliver the object unless the TTL test below sends it to pass.
sub vcl_hit {
  // NOTE(review): the comparison operator is missing from this condition in
  // the listing, so the sub does not compile as shown; restore it from the
  // original file (the intended direction cannot be told from here).
  if (obj.ttl  0s) {
    return (pass);
  }

  return (deliver);
} // end of sub vcl_hit

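// Error handling: retries backend failures and answers the /check end-point.
// The "&&" and "<" that had dropped out of the first condition in this
// listing are restored.
sub vcl_error {
  // A 503 is retried by restarting the request while fewer than 5 restarts
  // have been made; the count is exposed in X-Restarts
  if (obj.status == 503 && req.restarts < 5) {
    set obj.http.X-Restarts = req.restarts;
    return (restart);
  }

  // Handling Check end-point: vcl_recv raises status 726 for /check, which is
  // turned into a 200 response here
  if (obj.status == 726) {
    set obj.status = 200;
    set obj.http.Content-Type = "text/html; charset=utf-8";
    // NOTE(review): the synthetic body is blank in this listing; any markup
    // it originally held is not shown.
    synthetic {"

"};
  }

} // end of sub vcl_error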
Install the libapache2-mod-rpaf module so that Apache logs the correct remote IP address, and change RPAFproxy_ips to $ip. Only the addresses Varnish connects from belong in that list, because for requests coming from them Apache takes the client address from X-Forwarded-For.

This is also needed to change SERVER_PORT in Apache from 8080 to 80.
You will need to install version 0.8.1, so if Plesk is installed on Debian lenny you will need to download this version from GitHub and compile it:

apt-get install build-essential apache2-threaded-dev
# yada is a build dependency here. The .deb is fetched over plain HTTP and
# installed as root, so compare its checksum with the value listed in the
# archive's signed package index before running dpkg -i.
wget http://security.ubuntu.com/ubuntu/pool/universe/y/yada/yada_0.55_all.deb
dpkg -i yada_0.55_all.deb
git clone git@github.com:gnif/mod_rpaf or get archive from svn support/files/varnish/mod_rpaf.tar.gz
cd mod_rpaf
dpkg-buildpackage -b
dpkg -i ../libapache2-mod-rpaf_X.X-X.X_XXX.deb

cat /etc/apache2/mods-enabled/rpaf.conf

  RPAF_Enable       On
  RPAF_ProxyIPs     ${publicip_1}
  RPAF_Header       X-Forwarded-For
  RPAF_SetHostName  On
  RPAF_SetHTTPS     On
  RPAF_SetPort      On

If the server has more than 1 public address, you must add all of them to the RPAF_ProxyIPs variable, divided by space.

Change following in /etc/init.d/varnishncsa to start varnish access logging adding cache resource info.
start_varnishncsa() {
............................
--chuid $USER --exec ${DAEMON} -- "-F %h %l %u %t "%r" %s %b "%{Referer}i" "%{User-agent}i" Cache: %{Varnish:handling}x" ${DAEMON_OPTS} \
........................
Start ‘varnishncsa’ by default:
cat /etc/default/varnishncsa
..............................
VARNISHNCSA_ENABLED=1
Change Apache default port to port ‘8080’:
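# Back up the psa database, then switch Plesk's HTTP port to 8080.
# The admin password is handed over in MYSQL_PWD instead of -p<password>, so
# it does not appear in the process list; the umask keeps the dump, which
# holds Plesk's own data, readable by its owner only.
( umask 077; MYSQL_PWD="$(cat /etc/psa/.psa.shadow)" mysqldump -u admin psa > psa.back.sql )
MYSQL_PWD="$(cat /etc/psa/.psa.shadow)" mysql -uadmin -D psa -e'replace into misc (param, val) values ("http_port", 8080);'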
Change default Apache port:
cat /etc/apache2/ports.conf

Listen 8080
Listen 443
Reload all Apache configurations:
/usr/local/psa/admin/bin/websrvmng --reconfigure-all
/usr/local/psa/admin/sbin/webmailmng --disable --name=horde
/usr/local/psa/admin/sbin/webmailmng --enable --name=horde
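Change the server-status configuration in Apache. With “Allow from all”, Apache itself no longer restricts who can read server-status; the admins ACL in Varnish only covers requests that pass through Varnish, so direct access to ports 8080 and 443 has to be limited separately.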
cat /etc/apache2/httpd.conf
................
ExtendedStatus On

    SetHandler server-status
    Order deny,allow
    Allow from all

................
Test Apache configurations and restart Apache server
apache2ctl configtest
/etc/init.d/apache2 restart
Start varnish server.
/etc/init.d/varnish start
Add to /etc/motd-warning
nano /etc/motd-warning
\e[1;31mDon't restart varnish!!! Just reload it if needed!\e[00m
Allow connections from internal network to Apache port 8080:
iptables -A tcp_inbound -p TCP -s 192.168.1.0/24 --destination-port 8080 -j ACCEPT
Check Varnish config for errors:

If you’ve updated your varnish server’s configuration, there doesn’t seem to be an equivalent of ‘apachectl configtest‘ for it, but you can do:

varnishd -C -f /etc/varnish/default.vcl

If everything is correct, varnish will then dump out the generated configuration. Otherwise you’ll get an error message pointing you to a specific line number.

Invalidate Varnish cache

1. Invalidate entire cache for domain:

varnishadm "ban req.http.host ~ www.mydomain.com"

2. Invalidate cache for a specific domain’s URL:

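# The two conditions of a ban expression are joined with &&; both values are
# regular expressions, so an unescaped "." matches any character.
varnishadm "ban req.http.host ~ www.mydomain.com && req.url ~ someurl"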

3. Invalidate cache for some URL for all vhosts:

varnishadm "ban.url ~ someurl"

4. Invalidate cache using ctrl+F5 (sending cache-control: no-cache) from your browser if you are from purge acl.

Configure MS Windows 7 SNMP to work with SpeedFan

Hello m8s,

As you know, in the system administration field monitoring is an essential part of the daily work.

On a Linux-based OS, if you need to extract some numerical values from the main-board sensors, you will be done in no more than… 5 clicks… I mean commands.
And everything will just work as you expect… but there is also the other side – some call it Windows 😀

As you know, running stuff on Windows sometimes becomes such a fantastic journey (with a point of no return ^_^) that you may not be able to remember where you started… and how the hell you made the damn thing work 🙂

In the next… not so few steps I will show you how to read numerical values from your main-board sensors through SNMP.

I will use the Windows SNMP service + SpeedFan + all of my knowledge to guide you.

Installing and config snmp sensors with Windows 7

– Navigate to “Control Panel” -> “Programs and Features”

– In the left part select “Turn Windows features on or off”

– Search in “Windows Features” for “Simple Network Management Protocol (SNMP)” and tick it. Now wait until the installation completes

– Navigate to the services control panel: Start Menu -> Run -> services.msc, then search for “SNMP Service”, right-click it and choose Properties.

– Select “Agents” tab and type the correct values in Name and Location. For example: “Pavlin.Chervenkov” “Floor2” and then hit apply

– Select “Traps” tabs and type in “Community name” type “desktop” then hit apply.

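– Select the “Security” tab and add the name from the previous step – “desktop” – to “Accepted community names”, with “Community rights” set to READ ONLY

– Add the desired host to “Accept SNMP packets from these hosts” or use “Accept SNMP packets from any host”. Listing only the monitoring host is the tighter choice: the community name is the only credential and it is sent unencrypted.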

Then Apply and OK

– It is a MUST to stop the service and put it in Manual mode! We shall start it later

– Check windows firewall !

 

Speedfan + snmp extension

– Install  installspeedfan439.exe

– Install speedfan snmp extension http://deve.loping.net/projects/sfsnmp/downloads/

– Start speedfan with full path like this: Start > Run > C:\Program Files (x86)\SpeedFan\Injector.exe

 

Windows fixs

Control Panel > All Control Panel Items > User Accounts > Change user account control settings – Never notify (this turns the UAC prompts off for the whole machine, not only for SpeedFan)

Go to speedfan folder: C:\Program Files (x86)\SpeedFan\ 

right click on injector.exe > Properties > Compatibility > Set checkbox ON “Run this program as an administrator”

Task Scheduler

We have to create two scheduler tasks to run everything smoothly.

1. Speedfan

Start > Run and type: %windir%\system32\taskschd.msc /s

Action > Create Task

General:

Name: speedfan

Configure for: Windows 7

Triggers > New:

Begin the task: At log on

Delay task for: 30 seconds

Actions > New:

Start a program:

“C:\Program Files (x86)\SpeedFan\injector.exe”

2. SNMP Task

Action > Create Task

General:

Name: snmp

Configure for: Windows 7

Triggers > New:

Begin the task: At log on

Delay task for: 1 minute

Actions > New:

Start a program:

“D:\Install\snmpstart.bat”

This is content of snmpstart.bat

“net start snmp” <- Without the quotes !

Speedfan settings

 

Run SpeedFan from the above path for the first time:

Start > Run: C:\Program Files (x86)\SpeedFan\injector.exe

Select “Configure” then “Options”

+ “Start minimized”

+ “Minimize on close”

That is it! Now restart and pray.

I hope that you will enjoy doing this…:)

 

Configure Firefox to handle callto links in Ubuntu/Debian

Hi all 🙂

in this post I will show you how to configure Mozilla Firefox to handle callto links. By default if you click on callto link in Firefox shows the following error:

The address wasn't understood

Firefox doesn't know how to open this address, because the protocol (callto) isn't associated with any program.

You might need to install other software to open this address.

These steps are tested on Ubuntu 12.04 LTS i386, Ubuntu 13.10 i386 and Debian Wheezy amd64.

1. Install SFLPhone Software for VOIP calls

apt-get install sflphone-gnome

2. Start the app. First time you will see this screen. Just click “Continue”:

SFLPhone

 We need to choose “Register an existing SIP account” on the next screen and click “Continue”:

SFLPhone

 On the next screen we choose “SIP” and click “Continue”:

Here we need to fill our data:

Alias: Our name
Host name: Our SIP Server IP
User name: Your user or ID
Password: Your password

 After filling the required data, click “Continue”:

 On the next screen just click “Apply”. We don’t need to setup anything here:

 Next you will see summary for your account.

 4. Save this script to /usr/bin/sflphone-handler

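#!/bin/sh
#
# This script can be used as a callto: (or other) protocol handler in
# Mozilla Firefox-based browser.
# In Firefox use Preferences > Applications and set the callto handler
# to this script.
#
# Usage: sflphone-handler <callto-url>
#
# $1 comes from a link on a web page and is untrusted: it is always quoted,
# and only its digits are handed on to SFLphone.

# Test if a SFLphone client is already open, if not open a new one
# Opening a new client will start sflphoned if not already running
if ! ps -A | grep -q sflphone-client; then
    /usr/bin/sflphone-client-gnome &
fi

# Check 1st argument (phone number)
if [ -z "${1:-}" ]; then
    echo "Error: argument 1 (phone number) not provided." >&2
    exit 1
fi

# Cleanup destination, keeping numbers only. printf with a quoted argument
# avoids the word splitting and globbing an unquoted $1 would be subject to.
TO=$(printf '%s' "$1" | tr -cd '0123456789')
if [ -z "$TO" ]; then
    echo "Error: argument 1 (phone number) contains no digits." >&2
    exit 1
fi

# Generate call id.
# $RANDOM is not defined by POSIX sh; where /bin/sh does not provide it, the
# id is just the PID.
CALLID=${RANDOM}$$

# Dbus placeCallFirstAccount method does not reach sflphoned if starting
# Should find another way to do this
sleep 1

dbus-send \
    --type="method_call" \
    --dest="org.sflphone.SFLphone" \
    "/org/sflphone/SFLphone/CallManager" \
    "org.sflphone.SFLphone.CallManager.placeCallFirstAccount" \
    string:"$CALLID" \
    string:"$TO"

exit 0

# EOF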

 Or you can download it from:

https://github.com/LukeCarrier/sflphone/blob/master/tools/mozilla-telify-sflphone/sflphone-handler

5. Make this script executable:

chown root:root /usr/bin/sflphone-handler
chmod 755 /usr/bin/sflphone-handler

6. Add callto handler

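# The >> redirection is performed by the calling shell, not by sudo, so the
# append is done by tee running as root instead.
echo "x-scheme-handler/callto=sflphone.desktop" | sudo tee -a /usr/share/applications/defaults.list > /dev/null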

7. Configure SFLPhone to accept parameters

nano /usr/share/applications/sflphone.desktop

and change

Exec=sflphone-client-gnome

to

Exec=sflphone-client-gnome %u

8. Configure Firefox

Open Firefox and click on callto link. First time you will see this screen:

 We need to click “Choose” and navigate to /usr/bin/sflphone-handler.

Then check “Remember my choice for callto links” and click “OK”.

After a while SFLPhone application should start and automatically call the number from the link.