Re: varnish 2.0.4 and new config changes
Kristian,

Sorry about that. I'm cc'ing to varnish-misc.

On Tue, Apr 7, 2009 at 3:19 AM, Kristian Lyngstol <krist...@redpill-linpro.com> wrote:

> On Tue, Apr 07, 2009 at 02:55:13AM -0700, Jauder Ho wrote:
> > I just downloaded the new 2.0.4 release and noticed that a couple of things
> > had changed causing my existing config to stop working. Therefore, I had a
> > couple of questions that I'm hoping that you can help answer.
> >
> > a) Is beresp.ttl basically replacing obj.ttl? If so, I should be able to do
> > the following right in vcl_fetch?
> >
> > if (beresp.ttl < 300s) {
> >     set beresp.ttl = 300s;
> > }
>
> Yes, for all intents and purposes, beresp is obj. The name change is
> reflecting some underlying changes that doesn't really affect how you write
> VCL - yet.

FYI, beresp.ttl does not work on varnish 2.0.4. It does work on -trunk though.

Error msg from varnish-2.0.4 upon startup:

Message from VCC-compiler:
Unknown variable 'beresp.ttl'
At: (input Line 128 Pos 7)
if (beresp.ttl < 300s) {
--##--
Running VCC-compiler failed, exit 1
VCL compilation failed

> > b) With the change above, it looks like
> > http://varnish.projects.linpro.no/wiki/FAQ#HowdoIaddaHTTPheader is invalid
> > as obj is not valid in vcl_fetch. Just wanted to confirm that
> > beresp.http.X-Varnish-IP; works as expected.
>
> See the above answer (yes, it's valid).
>
> > c) Lastly, I have a config of user > nginx1 > varnish > nginx2 > php-fpm and
> > noticed that the IP being logged on nginx2 is the internal IP. nginx1 has
> > X-Forwarded-For set. Using the wiki's suggestion at
> > http://varnish.projects.linpro.no/wiki/FAQ#HowcanIlogtheclientIPaddressonthebackend,
> >
> > sub vcl_recv {
> >     # Add a unique header containing the client address
> >     remove req.http.X-Forwarded-For;
> >     set req.http.X-Forwarded-For = client.ip;
> >     # [...]
> > }
> >
> > This does not seem to work to show the user IP on nginx2 so any suggestions
> > would be appreciated as I'm wondering if the changes 2.0.4 affect this.
> > Thanks!
>
> If your first nginx sets X-Forwarded-For, then setting
> req.http.X-Forwarded-For = client.ip; will overwrite it with nginx1's IP.
> So don't set X-Forwarded-For in vcl_recv and it will pass straight through
> Varnish. 2.0.4 does not affect this compared to 2.0.3.

Right now, only nginx1 sets X-Forwarded-For; varnish does not set X-Forwarded-For; nginx2 is a fastcgi frontend and does not set X-Forwarded-For.

With this config (and using -trunk), nginx2 still logs the gateway IP so something strange is going on here.

--Jauder

> By the way, this discussion belongs on one of the mailing lists.
>
> --
> Kristian Lyngstøl
> Redpill Linpro AS
> Tlf: +47 21544179
> Mob: +47 99014497

___
varnish-misc mailing list
varnish-misc@projects.linpro.no
http://projects.linpro.no/mailman/listinfo/varnish-misc
Re: varnish 2.0.4 and new config changes
On Tue, Apr 07, 2009 at 05:29:23PM -0700, Jauder Ho wrote:
> On Tue, Apr 7, 2009 at 4:46 AM, Kristian Lyngstol <krist...@redpill-linpro.com> wrote:
>
> > On Tue, Apr 07, 2009 at 04:11:04AM -0700, Jauder Ho wrote:
> >
> > > FYI, beresp.ttl does not work on varnish 2.0.4. It does work on -trunk
> > > though.
> >
> > It would seem I was mistaken. It doesn't look like the obj to beresp
> > commits made it into 2.0.4 after a quick check. So that's only relevant to
> > trunk.
>
> That could be a problem for some people as obj.ttl is not available in
> vcl_fetch in 2.0.4 and beresp.ttl is not available until trunk.

That's not correct. Obj.ttl is available in hit, fetch, discard, timeout and error in 2.0.4. It's only available in hit, discard, timeout and error in trunk as beresp.ttl replaces it in fetch.

> > > Right now, only nginx1 sets X-Forwarded-For; varnish does not set
> > > X-Forwarded-For; nginx2 is a fastcgi frontend and does not set
> > > X-Forwarded-For.
> > >
> > > With this config (and using -trunk), nginx2 still logs the gateway IP so
> > > something strange is going on here.
> >
> > I'm not familiar with how nginx logs, but I'd start by verifying:
> > 1. That the X-Forwarded-For does indeed reach the relevant server.
> > 2. That the entity that logs honors X-Forwarded-For.
>
> Looking at varnishlog (which covers the incoming request from nginx1 and
> response from nginx2.
>
> It looks like X-Forwarded-For is properly set on nginx1. However on the
> response, it looks like there are 2(?) X-Forwarded-For headers instead of
> being chained as in http://en.wikipedia.org/wiki/X-Forwarded-For#Format

Varnish doesn't touch these headers unless you tell it to, so it looks like nginx is confused.

--
Kristian Lyngstøl
Redpill Linpro AS
Tlf: +47 21544179
Mob: +47 99014497
Re: varnish 2.0.4 and new config changes
On Tue, Apr 7, 2009 at 4:46 AM, Kristian Lyngstol <krist...@redpill-linpro.com> wrote:

> On Tue, Apr 07, 2009 at 04:11:04AM -0700, Jauder Ho wrote:
>
> > FYI, beresp.ttl does not work on varnish 2.0.4. It does work on -trunk
> > though.
>
> It would seem I was mistaken. It doesn't look like the obj to beresp
> commits made it into 2.0.4 after a quick check. So that's only relevant to
> trunk.

That could be a problem for some people as obj.ttl is not available in vcl_fetch in 2.0.4 and beresp.ttl is not available until trunk.

> > Right now, only nginx1 sets X-Forwarded-For; varnish does not set
> > X-Forwarded-For; nginx2 is a fastcgi frontend and does not set
> > X-Forwarded-For.
> >
> > With this config (and using -trunk), nginx2 still logs the gateway IP so
> > something strange is going on here.
>
> I'm not familiar with how nginx logs, but I'd start by verifying:
> 1. That the X-Forwarded-For does indeed reach the relevant server.
> 2. That the entity that logs honors X-Forwarded-For.

Looking at varnishlog (which covers the incoming request from nginx1 and response from nginx2.

It looks like X-Forwarded-For is properly set on nginx1. However on the response, it looks like there are 2(?) X-Forwarded-For headers instead of being chained as in http://en.wikipedia.org/wiki/X-Forwarded-For#Format

10 SessionOpen c 192.168.1.20 33406 192.168.1.20:
10 ReqStart c 192.168.1.20 33406 1768153962
10 RxRequest c HEAD
10 RxURL c /
10 RxProtocol c HTTP/1.0
10 RxHeader c X-Real-IP: 208.69.40.136
10 RxHeader c X-Forwarded-For: 208.69.40.136
10 RxHeader c Host: shop.carumba.org
10 RxHeader c Connection: close
10 RxHeader c User-Agent: curl/7.18.2 (x86_64-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.10 libssh2/0.18
10 RxHeader c Accept: */*
10 VCL_call c recv
10 VCL_return c lookup
10 VCL_call c hash
10 VCL_return c hash
10 VCL_call c miss
10 VCL_return c fetch
11 BackendClose - default
11 BackendOpen b default 192.168.1.20 54829 67.180.237.183
10 Backend c 11 default default
11 TxRequest b GET
11 TxURL b /
11 TxProtocol b HTTP/1.1
11 TxHeader b X-Real-IP: 208.69.40.136
11 TxHeader b X-Forwarded-For: 208.69.40.136
11 TxHeader b Host: shop.carumba.org
11 TxHeader b User-Agent: curl/7.18.2 (x86_64-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.10 libssh2/0.18
11 TxHeader b Accept: */*
11 TxHeader b X-Varnish: 1768153962
11 TxHeader b X-Forwarded-For: 192.168.1.20
11 RxProtocol b HTTP/1.1
11 RxStatus b 200
11 RxResponse b OK
11 RxHeader b Server: nginx
11 RxHeader b Date: Wed, 08 Apr 2009 00:25:35 GMT
11 RxHeader b Content-Type: text/html; charset=UTF-8
11 RxHeader b Transfer-Encoding: chunked
11 RxHeader b Connection: keep-alive
11 RxHeader b Set-Cookie: frontend=c4b996baf5465ad3c2cce532fe0af656; expires=Wed, 08 Apr 2009 01:25:35 GMT; path=/; domain=shop.carumba.org; HttpOnly
11 RxHeader b Expires: Thu, 19 Nov 1981 08:52:00 GMT
11 RxHeader b Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
11 RxHeader b Pragma: no-cache
10 TTL c 1768153962 RFC 0 1239150335 1239150335 375007920 0 0
10 VCL_call c fetch
10 TTL c 1768153962 VCL 300 1239150335
10 VCL_return c pass
10 ObjProtocol c HTTP/1.1
10 ObjStatus c 200
10 ObjResponse c OK
10 ObjHeader c Server: nginx
10 ObjHeader c Date: Wed, 08 Apr 2009 00:25:35 GMT
10 ObjHeader c Content-Type: text/html; charset=UTF-8
10 ObjHeader c Set-Cookie: frontend=c4b996baf5465ad3c2cce532fe0af656; expires=Wed, 08 Apr 2009 01:25:35 GMT; path=/; domain=shop.carumba.org; HttpOnly
10 ObjHeader c Expires: Thu, 19 Nov 1981 08:52:00 GMT
10 ObjHeader c Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
10 ObjHeader c Pragma: no-cache
10 ObjHeader c X-Varnish-IP: 192.168.1.20
11 BackendReuse b default
10 Length c 8090
10 VCL_call c deliver
10 VCL_return c deliver
10 TxProtocol c HTTP/1.1
10 TxStatus c 200
10 TxResponse c OK
10 TxHeader c Server: nginx
10 TxHeader c Content-Type: text/html; charset=UTF-8
10 TxHeader c Set-Cookie: frontend=c4b996baf5465ad3c2cce532fe0af656; expires=Wed, 08 Apr 2009 01:25:35 GMT; path=/; domain=shop.carumba.org; HttpOnly
10 TxHeader c Expires: Thu, 19 Nov 1981 08:52:00 GMT
10 TxHeader c Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
10 TxHeader c Pragma: no-cache
10 TxHeader c X-Varnish-IP: 192.168.1.20
10 TxHeader c Content-Length: 8090
10 TxHeader c Date: Wed, 08 Apr 2009 00:25:35 GMT
10 TxHeader c X-Varnish: 1768153962
10 TxHeader c Age: 0
1
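
An added example, not part of the original thread: a Python check over varnishlog lines of the kind posted above that flags a backend request carrying X-Forwarded-For more than once, and shows which address a consumer reading only the first or only the last value would take as the client. The sample lines are copied from the log above; the function names and the one-space line layout are this example's own assumptions.

```python
import re
from collections import defaultdict

# Backend-request lines copied from the varnishlog output posted above.
SAMPLE_LOG = """\
11 TxRequest b GET
11 TxURL b /
11 TxHeader b X-Real-IP: 208.69.40.136
11 TxHeader b X-Forwarded-For: 208.69.40.136
11 TxHeader b Host: shop.carumba.org
11 TxHeader b X-Varnish: 1768153962
11 TxHeader b X-Forwarded-For: 192.168.1.20
"""

# Fields: fd, tag, side (c = client, b = backend, - = neither), payload.
LINE_RE = re.compile(r"^\s*(\d+)\s+(\w+)\s+([cb-])\s*(.*)$")


def backend_header_values(log_text, header="X-Forwarded-For"):
    """Map each log fd to the values of `header` sent to the backend, in order."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "TxHeader" or m.group(3) != "b":
            continue
        name, sep, value = m.group(4).partition(":")
        if sep and name.strip().lower() == header.lower():
            seen[int(m.group(1))].append(value.strip())
    return dict(seen)


def audit(log_text):
    """Report backend requests where the header is repeated instead of chained."""
    findings = []
    for fd, values in backend_header_values(log_text).items():
        if len(values) > 1:
            # Repeated headers are equivalent to one comma-separated list;
            # flatten them to show the chain a single header would carry.
            hops = [h.strip() for v in values for h in v.split(",") if h.strip()]
            findings.append({"fd": fd, "headers": values, "first": hops[0],
                             "last": hops[-1], "chained": ", ".join(hops)})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```
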
Re: varnish 2.0.4 and new config changes
On Tue, Apr 07, 2009 at 04:11:04AM -0700, Jauder Ho wrote:
> On Tue, Apr 7, 2009 at 3:19 AM, Kristian Lyngstol wrote:
> > On Tue, Apr 07, 2009 at 02:55:13AM -0700, Jauder Ho wrote:
> > > I just downloaded the new 2.0.4 release and noticed that a couple of
> > > things had changed causing my existing config to stop working.
> > > Therefore, I had a couple of questions that I'm hoping that you can
> > > help answer.
> > >
> > > a) Is beresp.ttl basically replacing obj.ttl? If so, I should be able
> > > to do the following right in vcl_fetch?
> > >
> > > if (beresp.ttl < 300s) {
> > >     set beresp.ttl = 300s;
> > > }
> >
> > Yes, for all intents and purposes, beresp is obj. The name change is
> > reflecting some underlying changes that doesn't really affect how you write
> > VCL - yet.
>
> FYI, beresp.ttl does not work on varnish 2.0.4. It does work on -trunk
> though.

It would seem I was mistaken. It doesn't look like the obj to beresp commits made it into 2.0.4 after a quick check. So that's only relevant to trunk.

> > > c) Lastly, I have a config of user > nginx1 > varnish > nginx2 >
> > > php-fpm and noticed that the IP being logged on nginx2 is the
> > > internal IP. nginx1 has X-Forwarded-For set. (...)

> > If your first nginx sets X-Forwarded-For, then setting
> > req.http.X-Forwarded-For = client.ip; will overwrite it with nginx1's IP.
> > So don't set X-Forwarded-For in vcl_recv and it will pass straight through
> > Varnish. 2.0.4 does not affect this compared to 2.0.3.
>
> Right now, only nginx1 sets X-Forwarded-For; varnish does not set
> X-Forwarded-For; nginx2 is a fastcgi frontend and does not set
> X-Forwarded-For.
>
> With this config (and using -trunk), nginx2 still logs the gateway IP so
> something strange is going on here.

I'm not familiar with how nginx logs, but I'd start by verifying:
1. That the X-Forwarded-For does indeed reach the relevant server.
2. That the entity that logs honors X-Forwarded-For.

--
Kristian Lyngstøl
Redpill Linpro AS
Tlf: +47 21544179
Mob: +47 99014497