some blog : )

IP geolocation / GeoIP with Varnish


Article history

  • 2013-10-25 :: Creation
  • 2014-04-24 :: Update
    • typo fix
  • 2015-07-02 :: Huge update
    • Added complete installation steps of Varnish (3 and 4 branches) and GeoIP VMOD for popular Linux distros (Debian/Ubuntu/CentOS)
    • VCL examples adapted for Varnish 3.x and 4.x branches


Often we need to determine a client's location from its IP address and take some action before sending the request to the backend application.

Varnish itself has no built-in functionality for this task, but it can be added with a VMOD.

Thanks to the open source community, GeoIP functionality has already been implemented by various people in different GeoIP VMODs.

This post explains how to build one of the GeoIP VMODs and shows a few usage examples.

PKGBUILD: varnish-custom


Yet another PKGBUILD of mine for ArchLinux. It provides a custom Varnish build with additional VMODs.

List of VMODs provided with PKGBUILD:

  • Standard – (built-in) contains useful, generic functions that don’t quite fit in the VCL core, but are still considered very useful to a broad audience
  • Authentication – implements HTTP Basic authentication
  • Boltsort – provides querystring parameters sort function
  • GeoIP – exports functions to look up GeoIP country codes
  • Header – module for various manipulations with headers
  • QueryString – module for various manipulations with querystring
  • Shield – provides basic means for DDoS protection
  • SoftPurge – provides a cache invalidation function that reduces TTL but keeps the grace value of a resource
  • Timers – gives an access to various timers and duration counters
  • TimeUtils – assists with date-related functions, including manipulation of date-formatted headers
  • Var – implements support for variables

A description and function list for each VMOD is available on that VMOD’s page on the main Varnish site or on GitHub; please see the URL above the list.

Link to AUR

Varnish 3.x custom error pages


Most VCL examples and the Varnish wiki offer two solutions for custom error pages. The first is hard-coded HTML in a synthetic block; the second reads an HTML file from disk with inline C. Both variants work, but they make the VCL code messy (and the second variant, with inline C, reads the file from disk on every ‘wrong’ request).

I want to suggest a third variant that combines both previous variants without their drawbacks.

PKGBUILD: nginx-custom


Proudly presenting my own nginx PKGBUILD for AUR (ArchLinux User Repository) with additional and 3rd-party modules:

  • Standard HTTP Modules
  • Optional HTTP Modules: Debug, Gzip Precompression, Stub Status, IPv6, SSL, Real IP, Secure Link, Addition, XSLT, MP4, FLV, Substitution, Image Filter, Embedded Perl, Degradation, Random Index
  • 3rd-Party Modules: Upstream Fair, Echo, Upload Progress, Cache Purge, Headers More, SlowFS Cache

Link to AUR

Varnish with simple Virtual Hosts


Usually we have more than one development environment for projects on our development servers or workstations, and some of them need to be proxied with Varnish.

The Varnish configurations may be the same or may differ. One or three different configurations may be stored in the default configuration file (default.vcl), but as the number of configurations grows, the file becomes unreadable and inconvenient.

I suggest a simple solution: split the configurations into separate files and include them in the main configuration file. It adds some overhead for identical configurations, but makes configuration easier.

Varnish HTTP Authentication


Sometimes we need to restrict access to a site that is cached by Varnish with basic HTTP authentication.

The basic method is to enable it on the backend (Apache, nginx, lighttpd or another web server). But after the first correct request, the response will be cached by Varnish and all other clients' requests will be served without authentication.
The solution for this situation is to pass all requests with authentication to the backend with the following statement:

Pass authorization to backend
# Bypass the cache for any request that carries credentials
if (req.http.Authorization || req.http.Authenticate) {
  return (pass);
}

As we remember, caching is still required for this site, so the statement above does not suit our conditions.

A good workaround is to check HTTP authentication in Varnish itself.
So let's do it in VCL.
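
One way to do that check, shown as an added example that is not the original post's code. It assumes Varnish 4.0 syntax, a backend on 127.0.0.1:8080, a realm named "Restricted", and a constructed credential (user:password):

```vcl
vcl 4.0;

# Assumed backend address; it must be reachable only through Varnish,
# otherwise the check below can be bypassed by talking to it directly.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # Constructed credential: base64("user:password").
    # An absent or different Authorization header gets a 401 from Varnish
    # before any cache lookup happens.
    if (req.http.Authorization != "Basic dXNlcjpwYXNzd29yZA==") {
        return (synth(401, "Authentication required"));
    }

    # The built-in vcl_recv returns (pass) when Authorization is present,
    # so drop the header once it is verified to keep the request cacheable.
    unset req.http.Authorization;
}

sub vcl_synth {
    if (resp.status == 401) {
        # Ask the browser for Basic credentials.
        set resp.http.WWW-Authenticate = {"Basic realm="Restricted""};
        return (deliver);
    }
}
```

Every request is checked in vcl_recv, so cached objects are only delivered to clients that presented the credential. The credential sits in the VCL file in reversible form and travels in every request, so restrict read access to the file and terminate TLS in front of Varnish.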