Reaching out to others! Contact for Consulting on Infrastructure Management, Solutioning, Cloud Support etc..

Loging Varnish client IP in Apache logs

When you have a varnish server infront of your Apache server, you will be reverse proxying the requests. This will mark your varnish’s servers ip as the client in apache logs. To let apache know the real client’s ip we can user mod_rpaf module needs to be loaded. Use the following steps to install mod_rpaf module on your apache server.

wget https://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
tar xvfz mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
sed -ie ‘s/apxs2/apxs/’ Makefile
make rpaf-2.0
make install-2.0

Once the installation is done, we need to add the following configuration apache configuration file to enable the module.

LoadModule rpaf_module modules/mod_rpaf-2.0.so


RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
RPAFheader X-Forwarded-For

RPAFproxy_ips can be multiple IP address and it’s IP from your reverse proxy.

RPAFproxy_ips 127.0.0.1 xxx.xxx.xxx.xxx

Replace xxx.xxx.xxx.xxx with your varnish servers ips.

Add the following LogFormat to apache configuration file (httpd.conf)

LogFormat “%{X-Forwarded-For}i %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” varnishcombined

In the VirtualHost entry of your domain use varnishcombined as logformat for access logs.

In varnish (3.0.x) default.vlc file under vlc_recv{} add following lines:

if (req.restarts == 0) {
if (req.http.X-Forwarded-For) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + “, ” + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}

restart apache and httpd to finish with.

You should now start seeing the actual client’s ip in apache logs as well.

Source: varnish, stackoverflow, bxtra.net etc

My debian days…

debian

openlogo-100

I had dedicated few days of past few weeks for Debian in search of stable, secure and reliable solutions.  With Debian, I ended up finding robust solutions for lots of questions which we had while setting up LAN resources.

Debian net install CD which weighed around 160MB was more than enough to get started. I could setup RAID1 for disks to ensure quick and easy data recovery incase of disk failures. Installed Apache, PHP, Mysql for Intranet, NIS for centralized network authentication, NFS for network mounts and centralized home directories for users, Quota to ensure we don’t run out of disk space etc. It was fast and yet stable. I could find the solutions for various issues which I faced during the installation very quickly (there were very few issues though). Extensive documentation found on the internet made it easy for me and my collegues to get on with complex configurations. We could easily integrate debian into our heterogenious OS environment and network.

I will be adding articles related to Debian to my blog in coming days. That  should make it much more easier for you all to find solutions for your questions. Do comment and let me know if you have any unanswered questions with debian. I would be happy to dig deep into those issues and update you.

Debian – apt-on to get it

It’s all about FREEDOM

debian-logo-by-m00s3s

Redirect HTTP request to HTTPS

To redirect http requests to https on your Apache web server use .htaccess and add the following rewrite rules.

RewriteEngine On
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]

You can also add it inside the virtual host entry of the domain for which you need this redirect.

Apache: Segmentation Fault $HTTPD -k $ARGV

Hit with segfault while restarting apache?

Segmentation Fault $HTTPD -k $ARGV

  • Check if any one recompiled apache and other modules recently. If yes, try recompiling Apache or the module in question once again.
  • See if there is any other error while compiling which might lead you to the root cause.
  • Also check if there is any Memory related issues. You might have to ask for Memory test from DC.
  • Speed up website: Set HTTP Expires header

    When I see my website loading very slow, I get irritated as I want that to load fast on any type of Internet connection. Because, I’m trying to reach out to all…

    Step by Step take action on website optimization and speed up your website. All it takes is the hacking mentality which lets you digg out lots of things from the world of Internet.

    One simple way to improve the performance of your website is to set up HTTP Expires headers for static content well into the future. For example,Images, CSS files, PDF’s. This forces your clients browser to cache them and make your website load fast.

    If your website is running on Apache web server, put the following lines of code into .htaccess or Apache configuration file and you’re done with it. It works if you have mod_expires module enabled in your web server.

    ExpiresActive On


    Header set Expires “Thu, 15 Apr 2010 20:00:00 GMT”

    Here is an another interesting website which I found on the net while studying about mod_expires.

    Limit Number of simultaneous downloads in Apache

    Many times clients, severely get hit by DDos attacks on their web servers. At first level, we get to identify the domain which is being targeted if you’re looking into a shared hosting server. Once that is done, we can try limiting the number of simultaneous downloads from each IP which is trying to access the web pages. We can also tweak lots of other parameters in Apache. But adding limitation to individual IP made lots of difference to many high volume hosting servers.

    This can be achieved by adding a module called mod_limitipconn to apache. Entries related to this module look as follows :

    # Only needed if the module is compiled as a DSO
    LoadModule limitipconn_module lib/apache/mod_limitipconn.so
    AddModule mod_limitipconn.c



    MaxConnPerIP 3
    # exempting images from the connection limit is often a good
    # idea if your web page has lots of inline images, since these
    # pages often generate a flurry of concurrent image requests
    NoIPLimit image/*


    MaxConnPerIP 1
    # In this case, all MIME types other than audio/mpeg and video*
    # are exempt from the limit check
    OnlyIPLimit audio/mpeg video

    Check these links to learn how to install it for Apache 1.3x and 2.x

    Tomcat Dummies for Cpanel Server

    How to enable tomcat support for an account created under Cpanel Server?

    Quite simple. If you’re a server admin, Login to WHM and search for “Install Servlets” option. Select the domain name and click on Install.

    Now, this feature will make the required configuration entires in Tomcat configuration file i.e /usr/local/jakarta/tomcat/conf/server.xml

    It looks as follows :


    docBase=”/home/domainna/public_html” debug=”0″/>
    docBase=”/usr/local/jakarta/tomcat/server/webapps/manager”>

    www.domainname.com

    Along with this few more entries needs to be added to your servers configuration file related to apache mod_jk module.

    Following IfModule section is added inside the virtual host entry of the domain (here it is domainname.com please check server.xml entry which I mentioned earlier)


    JkMount /*.do ajp13
    JkMount /*.jsp ajp13
    JkMount /servlet/* ajp13
    JkMount /servlets/* ajp13
    JkMount /manager/* ajp13

    For the above lines to work with Apache, you got to be sure that mod_jk apache module is installed and loaded into Apache.

    Search for following lines in httpd.conf to confirm the same :

    LoadModule jk_module libexec/mod_jk.so
    AddModule mod_jk.c

    Now, you’re ready to go ahead and restart apache and tomcat (PS: If you’re installing servlet from WHM, you need not restart tomcat)

    You might notice that installing servlet via WHM added an a folder called WEB-INF folder inside the document root of the domain (/home/domainna/public_html in the above example). This folder can be used to organize your servlet classes and lib files. Your domains web.xml will also go into WEB-INF.

    Now, lets put a test jsp file called jsptest.jsp with the following code :

    Test JSP page

    Sample Application JSP Page

    This is the output of a JSP page that is part of the Hello, World application.
    It displays several useful values from the request we are currently
    processing.

    Request Method: <%= request.getMethod() %>
    Servlet Path: <%=
    request.getServletPath() %>

    Save the file and browse this jsp file from the browser now.

    Ex: https://domainname.com/jsptest.jsp

    Are you greated with the following message ?

    Sample Application JSP Page
    This is the output of a JSP page that is part of the Hello, World application.
    It displays several useful values from the request we are currently processing.
    Request Method: GET
    Servlet Path: /jsptest.jsp

    Kewl! Congratulations. Your Jsp file is working now.

    Now go ahead and update your client.