Re: varnish 2.0.4 and new config changes

2009-04-14 Thread Jauder Ho
Kristian,

Sorry about that. I'm cc'ing to varnish-misc.


On Tue, Apr 7, 2009 at 3:19 AM, Kristian Lyngstol 
krist...@redpill-linpro.com wrote:

 On Tue, Apr 07, 2009 at 02:55:13AM -0700, Jauder Ho wrote:
  I just downloaded the new 2.0.4 release and noticed that a couple of
 things
  had changed causing my existing config to stop working. Therefore, I had
 a
  couple of questions that I'm hoping that you can help answer.
 
  a) Is beresp.ttl basically replacing obj.ttl? If so, I should be able to
 do
  the following right in vcl_fetch?
 
if (beresp.ttl  300s) {
  set beresp.ttl = 300s;
}

 Yes, for all intents and purposes, beresp is obj. The name change is
 reflecting some underlying changes that doesn't really affect how you write
 VCL - yet.


FYI, beresp.ttl does not work on varnish 2.0.4. It does work on -trunk
though.

Error msg from varnish-2.0.4 upon startup:
Message from VCC-compiler:
Unknown variable 'beresp.ttl'
At: (input Line 128 Pos 7)
  if (beresp.ttl  300s) {
--##--
Running VCC-compiler failed, exit 1
VCL compilation failed




  b) With the change above, it looks like
  http://varnish.projects.linpro.no/wiki/FAQ#HowdoIaddaHTTPheader is
 invalid
  as obj is not valid in vcl_fetch. Just wanted to confirm that
  beresp.http.X-Varnish-IP; works as expected.

 See the above answer (yes, it's valid).

  c) Lastly, I have a config of user  nginx1  varnish  nginx2  php-fpm
 and
  noticed that the IP being logged on nginx2 is the internal IP. nginx1 has
  X-Forwarded-For set. Using the wiki's suggestion at
 
 http://varnish.projects.linpro.no/wiki/FAQ#HowcanIlogtheclientIPaddressonthebackend
 ,
 
 
  sub vcl_recv {
# Add a unique header containing the client address
remove req.http.X-Forwarded-For;
setreq.http.X-Forwarded-For = client.ip;
# [...]
  }
 
  This does not seem to work to show the user IP on nginx2 so any
 suggestions
  would be appreciated as I'm wondering if the changes 2.0.4 affect this.
  Thanks!

 If your first nginx sets X-Forwarded-For, then setting
 req.http.X-Forwarded-For = client.ip; will overwrite it with nginx1's IP.
 So don't set X-Forwarded-For in vcl_recv and it will pass straight through
 Varnish. 2.0.4 does not affect this compared to 2.0.3.


Right now, only nginx1 sets X-Forwarded-For; varnish does not set
X-Forwarded-For; nginx2 is a fastcgi frontend and does not set
X-Forwarded-For.

With this config (and using -trunk), nginx2 still logs the gateway IP so
something strange is going on here.

--Jauder



 By the way, this discussion belongs on one of the mailing lists.

 --
 Kristian Lyngstøl
 Redpill Linpro AS
 Tlf: +47 21544179
 Mob: +47 99014497

___
varnish-misc mailing list
varnish-misc@projects.linpro.no
http://projects.linpro.no/mailman/listinfo/varnish-misc


Re: varnish 2.0.4 and new config changes

2009-04-08 Thread Kristian Lyngstol
On Tue, Apr 07, 2009 at 05:29:23PM -0700, Jauder Ho wrote:
 On Tue, Apr 7, 2009 at 4:46 AM, Kristian Lyngstol 
 krist...@redpill-linpro.com wrote:
 
  On Tue, Apr 07, 2009 at 04:11:04AM -0700, Jauder Ho wrote:
 
   FYI, beresp.ttl does not work on varnish 2.0.4. It does work on -trunk
   though.
 
  It would seem I was mistaken. It doesn't look like the obj to beresp
  commits made it into 2.0.4 after a quick check. So that's only relevant to
  trunk.
 
 
 That could be a problem for some people as obj.ttl is not available in
 vcl_fetch in 2.0.4 and beresp.ttl is not available until trunk.

That's not correct. Obj.ttl is available in hit, fetch, discard, timeout
and error in 2.0.4. It's only available in hit, discard, timeout and error
in trunk as beresp.ttl replaces it in fetch.  

   Right now, only nginx1 sets X-Forwarded-For; varnish does not set
   X-Forwarded-For; nginx2 is a fastcgi frontend and does not set
   X-Forwarded-For.
  
   With this config (and using -trunk), nginx2 still logs the gateway IP so
   something strange is going on here.
 
  I'm not familiar with how nginx logs, but I'd start by verifying:
  1. That the X-Forwarded-For does indeed reach the relevant server.
  2. That the entity that logs honors X-Forwarded-For.
 
 Looking at varnishlog (which covers the incoming request from nginx1 and
 response from nginx2.
 
 It looks like X-Forwarded-For is properly set on nginx1. However on the
 response, it looks like there are 2(?) X-Forwarded-For headers instead of
 being chained as in http://en.wikipedia.org/wiki/X-Forwarded-For#Format

Varnish doesn't touch these headers unless you tell it to, so it looks like
nginx is confused. 

-- 
Kristian Lyngstøl
Redpill Linpro AS
Tlf: +47 21544179
Mob: +47 99014497


pgpySywXr6W0T.pgp
Description: PGP signature
___
varnish-misc mailing list
varnish-misc@projects.linpro.no
http://projects.linpro.no/mailman/listinfo/varnish-misc


Re: varnish 2.0.4 and new config changes

2009-04-07 Thread Kristian Lyngstol
On Tue, Apr 07, 2009 at 04:11:04AM -0700, Jauder Ho wrote:
 On Tue, Apr 7, 2009 at 3:19 AM, Kristian Lyngstol
 krist...@redpill-linpro.com wrote:
  On Tue, Apr 07, 2009 at 02:55:13AM -0700, Jauder Ho wrote:
   I just downloaded the new 2.0.4 release and noticed that a couple of
   things had changed causing my existing config to stop working.
   Therefore, I had a couple of questions that I'm hoping that you can
   help answer.
  
   a) Is beresp.ttl basically replacing obj.ttl? If so, I should be able
   to do the following right in vcl_fetch?
  
 if (beresp.ttl  300s) {
   set beresp.ttl = 300s;
 }
 
  Yes, for all intents and purposes, beresp is obj. The name change is
  reflecting some underlying changes that doesn't really affect how you write
  VCL - yet.
 
 FYI, beresp.ttl does not work on varnish 2.0.4. It does work on -trunk
 though.

It would seem I was mistaken. It doesn't look like the obj to beresp
commits made it into 2.0.4 after a quick check. So that's only relevant to
trunk.

   c) Lastly, I have a config of user  nginx1  varnish  nginx2 
   php-fpm and noticed that the IP being logged on nginx2 is the
   internal IP. nginx1 has X-Forwarded-For set. 

(...)

  If your first nginx sets X-Forwarded-For, then setting
  req.http.X-Forwarded-For = client.ip; will overwrite it with nginx1's IP.
  So don't set X-Forwarded-For in vcl_recv and it will pass straight through
  Varnish. 2.0.4 does not affect this compared to 2.0.3.
 
 Right now, only nginx1 sets X-Forwarded-For; varnish does not set
 X-Forwarded-For; nginx2 is a fastcgi frontend and does not set
 X-Forwarded-For.
 
 With this config (and using -trunk), nginx2 still logs the gateway IP so
 something strange is going on here.

I'm not familiar with how nginx logs, but I'd start by verifying: 
1. That the X-Forwarded-For does indeed reach the relevant server.
2. That the entity that logs honors X-Forwarded-For.

-- 
Kristian Lyngstøl
Redpill Linpro AS
Tlf: +47 21544179
Mob: +47 99014497


pgpaJ2gJHx0nH.pgp
Description: PGP signature
___
varnish-misc mailing list
varnish-misc@projects.linpro.no
http://projects.linpro.no/mailman/listinfo/varnish-misc