Hello community,

here is the log from the commit of package varnish.2185 for openSUSE:12.2:Update checked in at 2013-11-15 10:46:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/varnish.2185 (Old)
 and      /work/SRC/openSUSE:12.2:Update/.varnish.2185.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "varnish.2185" Changes: -------- New Changes file: --- /dev/null 2013-10-11 12:16:15.204037506 +0200 +++ /work/SRC/openSUSE:12.2:Update/.varnish.2185.new/varnish.changes 2013-11-15 10:46:29.000000000 +0100 
@@ -0,0 +1,159 @@ +------------------------------------------------------------------- +Fri Nov 1 18:52:49 UTC 2013 - [email protected] + +- Add 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch + (CVE-2013-4484, bnc#848451) + +------------------------------------------------------------------- +Wed Feb 8 23:26:10 UTC 2012 - [email protected] + +- Update to new upstream release 3.0.2 +* Add support for ESI and gzip +* Handle objects larger than 2G +* HTTP Range support is now enabled by default +* "307 Temporary redirect" is now considered cacheable +* see ChangeLog (packaged) or + http://varnish-cache.org/trac/browser/doc/changes.rst + for details +- Note that the -s file,/var/cache/varnish,524288 argument (check + /etc/sysconfig/varnish) needs at least "1M" instead of 524288 + or the daemon will not start anymore. +- Add systemd unit files + +------------------------------------------------------------------- +Thu Dec 8 13:51:14 UTC 2011 - [email protected] + +- fix license to be in spdx.org format + +------------------------------------------------------------------- +Tue May 10 14:01:13 UTC 2011 - [email protected] + +- Varnish Requires a C compiler, the vcl scripts are compiled + and loaded as DSO. + +------------------------------------------------------------------- +Sat Apr 16 17:26:10 UTC 2011 - [email protected] + +- remove configure option --enable-debugging-symbols + it overrides buildsystem optimization levels. + +------------------------------------------------------------------- +Sat Apr 16 17:12:11 UTC 2011 - [email protected] + +- Update to version 2.1.5 + * Two bugs relating to Content-Length and possible duplication + of Content-Length headers have been resolved. + * Fixed an issue with re-using connections after Chunked-Encoding. + * Use the time of cache-insertion for "If-Modified-Since" requests + if a "Last-Modified" header isn't provided by the backend. 
+ * Merge multi-line Vary and Cache-Control headers from clients, + which Google Chromium seem to split up. + +------------------------------------------------------------------- +Fri Apr 15 22:36:02 UTC 2011 - [email protected] + +- use pkgconfig instead of pkg-config on SLES 9 + +------------------------------------------------------------------- +Sun Apr 3 23:38:24 UTC 2011 - [email protected] + +- Fix security-problematic ownership of /etc/varnish files + (bnc#678811) +- Run spec-beautifier over it +- Replace default shipped vcl.conf by something working +- Run as varnish user +- Start varnishlog together with varnishd +- Properly use PID files in init script + +------------------------------------------------------------------- +Sat Oct 9 04:31:06 UTC 2010 - [email protected] + +- Create and package /var/log/varnish + +------------------------------------------------------------------- +Thu Aug 5 22:11:24 UTC 2010 - [email protected] + +- Update to new upstream release: 2.1.3 +* fixed an off-by-one error in the ESI handling causing includes to + fail a large part of the time. +* Avoid triggering an assert if the other end closes the connection + while we are lingering and waiting for another request from them. +* Make it possible to specify the per-thread stack size. This might + be useful on 32 bit systems with their limited address space. +* Persistent storage is now experimentally supported using the + persistent stevedore. It has the same command line arguments as + the file stevedore. +* The regular expression engine is now PCRE instead of POSIX + regular expressions. +* Add a new hashing method called critbit. This autoscales and + should work better on large object workloads than the classic + hash. Critbit has been made the default hash algorithm. +* Add support for authenticating CLI connections. +* Add hash director that chooses which backend to use depending on + req.hash. 
+* Add client director that chooses which backend to use depending + on the client's IP address. Note that this ignores the + X-Forwarded-For header. +* Add a timestamp to bans, so you can know how old they are. +* Varnish can now connect its CLI to a remote instance when + starting up, rather than just being connected to. +* It is no longer needed to specify the maximum number of HTTP + headers to allow from backends. This is now a run-time parameter. +* HEAD requests would be converted to GET requests too early, which + affected pass and pipe. This has been fixed. +* Add experimental support for the Range header. This has to be + enabled using the parameter http_range_support. +- Add PreReqs for %post +- Run %setup quietly +- Remove unneeded .la files from installation - libraries are in + a standard directory already +- Avoid use of bash-specific &>/dev/null during %post +- Refine file lists +- Remove old changelog from .spec - changelog is in .changes + +------------------------------------------------------------------- +Tue Dec 15 15:03.01 CEST 2009 - [email protected] + +- update 2.0.5 + + +------------------------------------------------------------------- +Fri Apr 3 13:48:01 CEST 2009 - [email protected] + +- update to 2.0.4 + +------------------------------------------------------------------- +Tue Mar 10 17:47:23 CET 2009 - [email protected] + +- update to 2.0.3 + +------------------------------------------------------------------- +Wed Jul 25 22:16:29 CEST 2007 - [email protected] + +- updated to 1.1 + +------------------------------------------------------------------- +Tue Feb 20 18:28:29 CET 2007 - [email protected] + +- update to version 1.0.3 + Consistency issues with statistics and backend parameters were + fixed. Parsing of -w command-line options was fixed. A + short-lived DNS cache was added to avoid thrashing DNS servers + when the backend fails. 
+ +------------------------------------------------------------------- +Sat Dec 2 17:14:16 CET 2006 - [email protected] + +- fixing build on sles9 +- added files from the official rh4 rpm: + o init scripts for non suse distros + o the default configs for all distros +- added init/sysconfig script for suse. +- we create a user now. Remaining TODO item: how to run varnish as + non root user on port 80? + +------------------------------------------------------------------- +Sun Nov 19 03:37:50 CET 2006 - [email protected] + +- update to 1.0.2 + New: ---- 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch varnish-3.0.2.tar.xz varnish.changes varnish.init varnish.logrotate varnish.service varnish.spec varnish.sysconfig varnishlog.init varnishlog.service vcl.conf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ varnish.spec ++++++ # # spec file for package varnish # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: varnish %define library_name libvarnishapi1 Version: 3.0.2 Release: 0 Summary: Varnish is a high-performance HTTP accelerator License: BSD-2-Clause Group: Productivity/Networking/Web/Proxy Url: http://varnish-cache.org/ #DL-URL: http://downloads.sf.net/varnish/%name-%version.tar.bz2 Source0: %name-%version.tar.xz Source2: varnish.init Source3: varnish.sysconfig Source4: vcl.conf Source5: varnish.logrotate Source6: varnishlog.init Source7: varnish.service Source8: varnishlog.service Patch2: 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libxslt BuildRequires: ncurses-devel BuildRequires: pcre-devel BuildRequires: pkgconfig BuildRequires: xz Prereq(post): %_sbindir/useradd %_sbindir/groupadd %if 0%{?suse_version} >= 1010 Recommends: logrotate %endif %if 0%{?suse_version} >= 1210 BuildRequires: systemd %{?systemd_requires} %endif %define pkg_home %_localstatedir/lib/%name %define pkg_logdir %_localstatedir/log/%name %define pkg_cachedir %_localstatedir/cache/%name Requires: c_compiler %description Varnish is an HTTP accelerator. An HTTP accelerator (often called Reverse Proxy) is an application that stores (caches) documents that have been requested over the HTTP protocol. Based on certain criteria the next client requesting the document is either given the cached document, or a "fresh" document requested from a backend server. The purpose of this is to minimize the requests going to the backend server(s) by serving the same document to potentially many users. %package -n %library_name Summary: Shared libraries for Varnish Group: Productivity/Networking/Web/Proxy %description -n %library_name Varnish is an HTTP accelerator. An HTTP accelerator (often called Reverse Proxy) is an application that stores (caches) documents that have been requested over the HTTP protocol. 
Based on certain criteria the next client requesting the document is either given the cached document, or a "fresh" document requested from a backend server. The purpose of this is to minimize the requests going to the backend server(s) by serving the same document to potentially many users. This package holds the shared libraries for varnish. %package devel Requires: %name = %version Summary: Development files for Varnish Group: Development/Libraries/C and C++ %description devel Varnish is an HTTP accelerator. An HTTP accelerator (often called Reverse Proxy) is an application that stores (caches) documents that have been requested over the HTTP protocol. Based on certain criteria the next client requesting the document is either given the cached document, or a "fresh" document requested from a backend server. The purpose of this is to minimize the requests going to the backend server(s) by serving the same document to potentially many users. This package holds the development files for varnish. 
%prep %setup -q %patch -P 2 -p1 %build %if 0%{?suse_version} > 1000 export CFLAGS="%optflags -fstack-protector" %endif %configure --disable-static \ --localstatedir=%_localstatedir/cache/ \ --enable-developer-warnings make %{?_smp_mflags} %install b="%buildroot"; %makeinstall # There is no use for them to normal users mv "$b/%_bindir"/* "$b/%_sbindir/"; # ##missing directories install -dm 0755 "$b"/{%pkg_logdir,%pkg_home}; install -Dpm 0644 "%{S:5}" "$b/%_sysconfdir/logrotate.d/varnish"; # ##init scripts install -Dpm 0644 "%{S:3}" "$b/var/adm/fillup-templates/sysconfig.%name"; install -Dpm 0755 "%{S:2}" "$b/%_initddir/varnish"; install -Dpm 0755 "%{S:6}" "$b/%_initddir/varnishlog"; %if 0%{?_unitdir:1} install -Dpm 0644 "%{S:7}" "$b/%_unitdir/varnish.service"; install -Dpm 0644 "%{S:8}" "$b/%_unitdir/varnishlog.service"; %endif mkdir -p "$b/%_sbindir"; ln -s "%_initddir/varnish" "$b/%_sbindir/rcvarnish"; ln -s "%_initddir/varnishlog" "$b/%_sbindir/rcvarnishlog"; # ##config files install -Dpm 0644 %{S:4} "$b/%_sysconfdir/%name/vcl.conf"; install -Dpm 0644 %{S:4} "$b/%_sysconfdir/%name/vcl.conf.example"; find "$b" -type f -name "*.la" -delete mkdir -p "$b/%pkg_logdir" %pre %_bindir/getent group varnish >/dev/null || \ %_sbindir/groupadd -r varnish || : %_bindir/getent passwd varnish >/dev/null || \ %_sbindir/useradd -g varnish -s /bin/false -r -c "user for Varnish" \ -d %pkg_home varnish || : %if 0%{?_unitdir:1} %service_add_pre varnish.service %service_add_pre varnishlog.service %endif %post %fillup_and_insserv varnish %fillup_and_insserv varnishlog %if 0%{?_unitdir:1} %service_add_post varnish.service %service_add_post varnishlog.service %endif %preun %stop_on_removal varnish %stop_on_removal varnishlog %if 0%{?_unitdir:1} %service_del_preun varnish.service %service_del_preun varnishlog.service %endif %postun # Does not sysv+systemd very much conflict? But rpmlint wants to have it... 
%restart_on_update varnish %restart_on_update varnishlog %if 0%{?_unitdir:1} %service_del_postun varnish.service %service_del_postun varnishlog.service %endif %insserv_cleanup %post -n %library_name -p /sbin/ldconfig %postun -n %library_name -p /sbin/ldconfig %files %defattr(-,root,root) %_initddir/varnish %_initddir/varnishlog %if 0%{?_unitdir:1} %_unitdir %endif %config(noreplace) %_sysconfdir/logrotate.d/varnish %dir %attr(0750,root,varnish) %_sysconfdir/%name/ %config(noreplace) %attr(0640,root,varnish) %_sysconfdir/%name/vcl.conf %config %attr(0640,root,varnish) %_sysconfdir/%name/vcl.conf.example %config(noreplace) %attr(0640,root,varnish) %_sysconfdir/%name/default.vcl %_libdir/varnish %_sbindir/varnish* %_sbindir/rcvarnish* %_mandir/man*/* %doc ChangeLog LICENSE README %dir %attr(0750,varnish,varnish) %pkg_home %dir %attr(0750,varnish,varnish) %pkg_cachedir %dir %attr(0750,varnish,varnish) %pkg_logdir %if 0%{?suse_version} %_localstatedir/adm/fillup-templates/sysconfig.%name %else %config(noreplace) %_sysconfdir/sysconfig/%name %doc redhat/README.redhat %endif %files -n %library_name %defattr(-,root,root,-) %_libdir/libvarnishapi.so.1* %files devel %defattr(-,root,root,-) %_includedir/varnish %_libdir/pkgconfig/* %_libdir/libvarnishapi.so %changelog ++++++ 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch ++++++ >From 4bd5b7991bf602a6c46dd0d65fc04d4b8d9667a6 Mon Sep 17 00:00:00 2001 
From: Martin Blix Grydeland <[email protected]> Date: Wed, 30 Oct 2013 13:48:20 +0100 Subject: [PATCH] Make up our mind: Any req.* we receive from the client with fundamental trouble gets failed back without VCL involvement. References: https://www.varnish-cache.org/trac/ticket/1367 References: CVE-2013-4484 References: https://bugzilla.novell.com/show_bug.cgi?id=848451 Fixes #1367 --- bin/varnishd/cache_center.c | 28 +++++++++++++++------------- bin/varnishd/cache_http.c | 2 +- bin/varnishtest/tests/r01367.vtc | 30 ++++++++++++++++++++++++++++++ 3 files changed, 46 insertions(+), 14 deletions(-) create mode 100644 bin/varnishtest/tests/r01367.vtc diff --git a/bin/varnishd/cache_center.c b/bin/varnishd/cache_center.c index 19eb2ce..fdf7cee 100644 --- a/bin/varnishd/cache_center.c +++ b/bin/varnishd/cache_center.c @@ -1474,9 +1474,12 @@ DOT start -> recv [style=bold,color=green] static int cnt_start(struct sess *sp) { - uint16_t done; + uint16_t err_code; char *p; - const char *r = "HTTP/1.1 100 Continue\r\n\r\n"; + const char *r_100 = "HTTP/1.1 100 Continue\r\n\r\n"; + const char *r_400 = "HTTP/1.1 400 Bad Request\r\n\r\n"; + const char *r_413 = "HTTP/1.1 413 Request Entity Too Large\r\n\r\n"; + const char *r_417 = "HTTP/1.1 417 Expectation Failed\r\n\r\n"; CHECK_OBJ_NOTNULL(sp, SESS_MAGIC); AZ(sp->restarts); @@ -1499,10 +1502,14 @@ cnt_start(struct sess *sp) sp->wrk->vcl = NULL; http_Setup(sp->http, sp->ws); - done = http_DissectRequest(sp); + err_code = http_DissectRequest(sp); /* If we could not even parse the request, just close */ - if (done == 400) { + if (err_code == 400) + (void)write(sp->fd, r_400, strlen(r_400)); + else if (err_code == 413) + (void)write(sp->fd, r_413, strlen(r_413)); + if (err_code != 0) { sp->step = STP_DONE; vca_close_session(sp, "junk"); return (0); 
@@ -1514,12 +1521,6 @@ cnt_start(struct sess *sp) /* Catch original request, before modification */ HTTP_Copy(sp->http0, sp->http); - if (done != 0) { - sp->err_code = done; - sp->step = STP_ERROR; - return (0); - } - sp->doclose = http_DoConnection(sp->http); /* XXX: Handle TRACE & OPTIONS of Max-Forwards = 0 */ @@ -1529,13 +1530,14 @@ cnt_start(struct sess *sp) */ if (http_GetHdr(sp->http, H_Expect, &p)) { if (strcasecmp(p, "100-continue")) { - sp->err_code = 417; - sp->step = STP_ERROR; + (void)write(sp->fd, r_417, strlen(r_417)); + sp->step = STP_DONE; + vca_close_session(sp, "junk"); return (0); } /* XXX: Don't bother with write failures for now */ - (void)write(sp->fd, r, strlen(r)); + (void)write(sp->fd, r_100, strlen(r_100)); /* XXX: When we do ESI includes, this is not removed * XXX: because we use http0 as our basis. Believed * XXX: safe, but potentially confusing. diff --git a/bin/varnishd/cache_http.c b/bin/varnishd/cache_http.c index 8753acc..605975b 100644 --- a/bin/varnishd/cache_http.c +++ b/bin/varnishd/cache_http.c @@ -601,7 +601,7 @@ http_splitline(struct worker *w, int fd, struct http *hp, hp->hd[h2].e = p; if (!Tlen(hp->hd[h2])) - return (413); + return (400); /* Skip SP */ for (; vct_issp(*p); p++) { diff --git a/bin/varnishtest/tests/r01367.vtc b/bin/varnishtest/tests/r01367.vtc new file mode 100644 index 0000000..e1de20a --- /dev/null +++ b/bin/varnishtest/tests/r01367.vtc 
@@ -0,0 +1,30 @@ +varnishtest "blank GET" + +server s1 { + rxreq + txresp +} -start + +varnish v1 -vcl+backend { + sub vcl_error { + return (restart); + } +} -start + +client c1 { + send "GET \nHost: example.com\n\n" + rxresp + expect resp.status == 400 +} -run + +client c1 { + txreq -hdr "Expect: Santa-Claus" + rxresp + expect resp.status == 417 +} -run + +client c1 { + txreq + rxresp + expect resp.status == 200 +} -run -- 1.8.2 ++++++ varnish.init ++++++ #!/bin/sh # ### BEGIN INIT INFO # Provides: varnish # Required-Start: $syslog $remote_fs # Should-Start: $time ypbind sendmail # Required-Stop: $syslog $remote_fs # Should-Stop: $time ypbind sendmail # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: varnish HTTP accelerator # Description: varnish HTTP accelerator ### END INIT INFO # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance VARNISH_BIN=/usr/sbin/varnishd test -x $VARNISH_BIN || { echo "$VARNISH_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } # Check for existence of needed config file and read it VARNISH_CONFIG=/etc/sysconfig/varnish test -r $VARNISH_CONFIG || { echo "$VARNISH_CONFIG not existing"; if [ "$1" = "stop" ]; then exit 0; else exit 6; fi; } VARNISHD_BIN="$VARNISH_BIN" VARNISHD_PID=/var/run/varnishd.pid VARNISHLOG_BIN=/usr/sbin/varnishncsa VARNISHLOG_PID=/var/run/varnishlog.pid # Read config . $VARNISH_CONFIG # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. 
/lib/lsb/init-functions # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num> # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks . /etc/rc.status # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) echo -n "Starting varnish " ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. /sbin/startproc "$VARNISHD_BIN" -P "$VARNISHD_PID" ${VARNISHD_PARAMS:--f /etc/varnish/vcl.conf -T:6082 -s file,/var/cache/varnish,1M -u varnish} # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down varnish " ## Stop daemon with killproc(8) and if this fails ## killproc sets the return value according to LSB. 
/sbin/killproc -p "$VARNISHD_PID" "$VARNISHD_BIN" # Remember status and be verbose rc_status -v ;; try-restart|condrestart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload) ## Signal the daemon to reload its config. Most daemons ## do this on signal 1 (SIGHUP). ## If it does not support it, restart the service if it ## is running. echo -n "Reload service varnish " ## if it supports it: /sbin/killproc -HUP $VARNISH_BIN #touch /var/run/varnish.pid rc_status -v ## Otherwise: #$0 try-restart #rc_status ;; reload) ## Like force-reload, but if daemon does not support ## signaling, do nothing (!) # If it supports signaling: echo -n "Reload service varnish " /sbin/killproc -p "$VARNISHD_PID" -HUP "$VARNISHD_BIN" #touch /var/run/varnish.pid rc_status -v ## Otherwise if it does not support reload: #rc_failed 3 #rc_status -v ;; status) echo -n "Checking for service varnish " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. 
/sbin/checkproc -p "$VARNISHD_PID" "$VARNISHD_BIN" # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, print out the ## argument to this init script which is required for a reload. ## Note: probe is not (yet) part of LSB (as of 1.9) test /etc/sysconfig/varnish -nt "$VARNISHD_PID" && \ test -f /etc/varnish/default.vcl.net -nt "$VARNISHD_PID" && \ echo reload ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit ++++++ varnish.logrotate ++++++ /var/log/varnish/*.log { missingok notifempty sharedscripts delaycompress postrotate /etc/init.d/varnish reload endscript } ++++++ varnish.service ++++++ [Unit] Description=Varnish HTTP accelerator/reverse proxy After=network.target [Service] EnvironmentFile=/etc/sysconfig/varnish PIDFile=/var/run/varnishd.pid ExecStart=/usr/sbin/varnishd $VARNISHD_PARAMS -P /var/run/varnishd.pid -F [Install] WantedBy=multi-user.target ++++++ varnish.sysconfig ++++++ ## Path: Network/WWW/Varnishd ## Description: start parameters for varnishd. ## Type: string ## Default: "-f /etc/varnish/vcl.conf -T127.0.0.1:6082 -s file,/var/cache/varnish" ## Config: varnishd # # start parameters for varnishd. # # see man 1 varnishd for more # # You might want to keep "/var/cache/varnish" when using the file backend. 
# VARNISHD_PARAMS="-f /etc/varnish/vcl.conf -T:6082 -s file,/var/cache/varnish,1M -u varnish" ## Path: Network/WWW/Varnishd ## Description: Start parameters for varnishlog ## Type: string ## Default: "-a -w /var/log/varnish.log" ## Config: varnishd # # start parameters for varnishlog/varnishncsa # # see man 1 varnishlog for more # VARNISHLOG_PARAMS="-a -w /var/log/varnish/varnish.log" ++++++ varnishlog.init ++++++ #!/bin/sh # ### BEGIN INIT INFO # Provides: varnishlog # Required-Start: $syslog $remote_fs # Should-Start: $time ypbind sendmail # Required-Stop: $syslog $remote_fs # Should-Stop: $time ypbind sendmail # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: varnish logger # Description: varnish logger ### END INIT INFO # Check for missing binaries (stale symlinks should not happen) # Note: Special treatment of stop for LSB conformance VARNISH_BIN=/usr/sbin/varnishd test -x $VARNISH_BIN || { echo "$VARNISH_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } # Check for existence of needed config file and read it VARNISH_CONFIG=/etc/sysconfig/varnish test -r $VARNISH_CONFIG || { echo "$VARNISH_CONFIG not existing"; if [ "$1" = "stop" ]; then exit 0; else exit 6; fi; } VARNISHD_BIN="$VARNISH_BIN" VARNISHD_PID=/var/run/varnishd.pid VARNISHLOG_BIN=/usr/sbin/varnishncsa VARNISHLOG_PID=/var/run/varnishlog.pid # Read config . $VARNISH_CONFIG # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. 
/lib/lsb/init-functions # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v be verbose in local rc status and clear it afterwards # rc_status -v -r ditto and clear both the local and overall rc status # rc_status -s display "skipped" and exit with status 3 # rc_status -u display "unused" and exit with status 3 # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num> # rc_reset clear both the local and overall rc status # rc_exit exit appropriate to overall rc status # rc_active checks whether a service is activated by symlinks . /etc/rc.status # Reset status of this service rc_reset # Return values acc. to LSB for all commands but status: # 0 - success # 1 - generic or unspecified error # 2 - invalid or excess argument(s) # 3 - unimplemented feature (e.g. "reload") # 4 - user had insufficient privileges # 5 - program is not installed # 6 - program is not configured # 7 - program is not running # 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl) # # Note that starting an already running service, stopping # or restarting a not-running service as well as the restart # with force-reload (in case signaling is not supported) are # considered a success. case "$1" in start) echo -n "Starting varnishlog " /sbin/startproc "$VARNISHLOG_BIN" -P "$VARNISHLOG_PID" ${VARNISHLOG_PARAMS:--a -w /var/log/varnish/varnish.log} rc_status -v ;; stop) echo -n "Shutting down varnishlog " /sbin/killproc -p "$VARNISHLOG_PID" "$VARNISHLOG_BIN" rc_status -v ;; try-restart|condrestart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. if test "$1" = "condrestart"; then echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" fi $0 status if test $? 
= 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload) ## Signal the daemon to reload its config. Most daemons ## do this on signal 1 (SIGHUP). ## If it does not support it, restart the service if it ## is running. "$0" reload rc_status ## Otherwise: #$0 try-restart #rc_status ;; reload) ## Like force-reload, but if daemon does not support ## signaling, do nothing (!) echo -n "Reload service varnishlog " /sbin/killproc -p "$VARNISHLOG_PID" -HUP "$VARNISHLOG_BIN" rc_status -v ;; status) ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Return value is slightly different for the status command: # 0 - service up and running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running (unused) # 4 - service status unknown :-( # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) echo -n "Checking for service varnishlog " /sbin/checkproc -p "$VARNISHLOG_PID" "$VARNISHLOG_BIN" rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, print out the ## argument to this init script which is required for a reload. 
## Note: probe is not (yet) part of LSB (as of 1.9) test /etc/sysconfig/varnish -nt "$VARNISHD_PID" && \ test -f /etc/varnish/default.vcl.net -nt "$VARNISHD_PID" && \ echo reload ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit ++++++ varnishlog.service ++++++ [Unit] Description=Varnish log generator Requires=varnish.service #After= is not required [Service] EnvironmentFile=/etc/sysconfig/varnish PIDFile=/var/run/varnishlog.pid ExecStart=/usr/sbin/varnishncsa $VARNISHLOG_PARAMS -P /var/run/varnishlog.pid [Install] WantedBy=multi-user.target ++++++ vcl.conf ++++++ # # This is a basic VCL configuration file for varnish. See the vcl(7) # man page for details on VCL syntax and semantics. # # $Id: vcl.conf 1200 2006-10-19 09:21:42Z des $ # backend default { .host = "127.0.0.1"; .port = "8080"; } sub vcl_recv { # pass mode can't handle POST (yet) if (req.request == "POST") { return(pipe); } # don't bother caching large files if(req.url ~ "\.(pdf|mp3|flv|mov|mp4|mpg|mpeg|avi|dmg)") { return(pipe); } # force lookup even when cookies are present if (req.request == "GET" && req.http.cookie) { return(lookup); } }
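
Review bot: the canned error responses declared at the top of cnt_start in bin/varnishd/cache_center.c (hunk "@@ -1474,9 +1474,12 @@": r_400, r_413, r_417) consist of a status line and an empty line only, although the session is closed immediately after each one is written. Adding "Connection: close" and "Content-Length: 0" to those three strings would tell an HTTP/1.1 client explicitly that the connection is going away and that no body follows, instead of leaving it to infer both from EOF.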
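
Review bot: in the cache_center.c hunk "@@ -1499,10 +1502,14 @@", a non-zero err_code other than 400 or 413 falls through to "if (err_code != 0)" and closes the session without any status line being written, and the retained comment "If we could not even parse the request, just close" no longer describes code that does answer for 400 and 413. Suggest a final else that sends r_400 as the fallback so every failure path gets a response, and rewording the comment to say that failed requests are answered here and never handed to VCL. The (void)write() calls also ignore short or failed writes; the existing "XXX: Don't bother with write failures for now" remark only sits on the 100-continue path and should be repeated or moved here.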
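
Review bot: the Expect branch in the cache_center.c hunk "@@ -1529,13 +1530,14 @@" passes the same reason string, "junk", to vca_close_session() that the unparseable-request path uses, so whatever consumes that reason cannot tell a well-formed request with an unsupported Expect header from a request that failed parsing. Suggest a distinct reason string for the 417 case, which keeps the two populations separable when someone later looks at why sessions were closed.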
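
Review bot: the one-line change in bin/varnishd/cache_http.c (hunk "@@ -601,7 +601,7 @@", under "if (!Tlen(hp->hd[h2]))" in http_splitline) switches the return from 413 to 400 without a comment saying that an empty field on the request line is a malformed request rather than an oversized one. Please add that comment. Since cnt_start gains an "else if (err_code == 413)" branch in the same patch, it is also worth confirming that some remaining path in the parser still returns 413; none is visible in this diff, and if none exists the r_413 branch is dead code.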
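
Review bot: the new test bin/varnishtest/tests/r01367.vtc asserts the 400 and 417 responses and the normal 200 case but has no client block that drives the 413 branch added to cnt_start, so that response path ships untested. Suggest a fourth client block with a request that triggers 413 and "expect resp.status == 413". A short comment above "sub vcl_error { return (restart); }" saying that this restart is the condition from ticket 1367 would also make it clear why the VCL is there, since the test title "blank GET" does not mention it.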
