On 09.08.2017 17:36, Dridi Boukelmoune wrote:
On Wed, Aug 9, 2017 at 4:46 PM, Admin Beckspaced <ad...@beckspaced.com> wrote:
Hello Varnish Community,

I'm running an openSUSE 42.2 server with varnish 5.1.2
Update to 5.1.3, your Varnish instance can be DoS'd remotely!

For me it looks like that varnishlog.service is waiting for varnish.service
to start and the varnish.service seems to take a bit long to start up?
Correct.

Is there a systemd service option to wait for a few seconds before starting
varnishlog.service
something like a delayed start of the service?
Not a systemd option, but you can use the `-t` option in varnishncsa
or varnishlog to increase the timeout (defaults to 5s).

VARNISHLOG_PARAMS="-f /etc/varnish/varnishncsa-log-format-string -a -w
/var/log/varnish/varnish.log"
This is where you want to add a timeout option. See man varnishncsa.

Cheers,
Dridi
Just to report back on the startup issue ...

added the timeout option to the startup via '-t 30'
and after a system reboot systemctl status reports

cx40:~ # systemctl status varnishlog.service
● varnishlog.service - Varnish log generator
Loaded: loaded (/etc/systemd/system/varnishlog.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2017-08-10 08:35:19 CEST; 1min 35s ago
 Main PID: 1145 (varnishncsa)
    Tasks: 1 (limit: 512)
   CGroup: /system.slice/varnishlog.service
└─1145 /usr/sbin/varnishncsa -t 30 -f /etc/varnish/varnishncsa-log-format-string -a -w /var/log/varnish/varnish.log -P /var/run/varnishlog.pid

Aug 10 08:35:19 cx40 systemd[1]: Started Varnish log generator.
Aug 10 08:35:19 cx40 varnishncsa[1145]: Cannot open log - retrying for 30 seconds
Aug 10 08:35:28 cx40 varnishncsa[1145]: Log opened

so ... all has worked out fine ;)

Thanks & greetings
Becki

_______________________________________________
varnish-misc mailing list
varnish-misc@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

Reply via email to