-rw-r--r-- | config/varnish64/backends.xml | 123 | ||||
-rw-r--r-- | config/varnish64/varnish.inc | 204 | ||||
-rw-r--r-- | config/varnish64/varnish_settings.xml | 93 |
3 files changed, 420 insertions, 0 deletions
diff --git a/config/varnish64/backends.xml b/config/varnish64/backends.xml
new file mode 100644
index 00000000..bcec031b
--- /dev/null
+++ b/config/varnish64/backends.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* ========================================================================== */
+/*
+ backends.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2010 Scott Ullrich
+ All rights reserved.
+*/
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>varnishbackends</name>
+ <version>0.0.1</version>
+ <title>Varnish: Whitelist</title>
+ <menu>
+ <name>Varnish </name>
+ <tooltiptext></tooltiptext>
+ <section>Services</section>
+ <configfile>backends.xml</configfile>
+ </menu>
+ <tabs>
+ <tab>
+ <text>Varnish Backends</text>
+ <url>/pkg.php?xml=backends.xml</url>
+ <active/>
+ </tab>
+ </tabs>
+ <configpath>['installedpackages']['varnish']['config']</configpath>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fielddescr>IPAddress</fielddescr>
+ <fieldname>ipaddress</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Name</fielddescr>
+ <fieldname>backendname</fieldname>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <fields>
+ <field>
+ <fielddescr>IPAddress</fielddescr>
+ <fieldname>ipaddress</fieldname>
+ <description>Enter the IP Address of the backend web server.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Backend name</fielddescr>
+ <fieldname>backendname</fieldname>
+ <description>Enter the name of this backend web server.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Port</fielddescr>
+ <fieldname>port</fieldname>
+ <description>Enter the TCP/IP port of the webserver.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>First byte timeout</fielddescr>
+ <fieldname>first_byte_timeout</fieldname>
+ <description> time to wait for the first byte from the backend and .between_bytes_timeout for time to wait between each received byte.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Connect timeout</fielddescr>
+ <fieldname>connect_timeout</fieldname>
+ <description>The time to wait for a backend connection.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>none</fielddescr>
+ <fieldname>none</fieldname>
+ <type>rowhelper</type>
+ <rowhelper>
+ <rowhelperfield>
+ <fielddescr>URL</fielddescr>
+ <fieldname>urlmapping</fieldname>
+ <description>Enter the URL that will be mapped to this backend.</description>
+ <type>input</type>
+ </rowhelperfield>
+ </rowhelper>
+ </field>
+ </fields>
+ <custom_php_command_before_form>
+ </custom_php_command_before_form>
+ <custom_delete_php_command>
+ sync_package_varnish();
+ </custom_delete_php_command>
+ <custom_php_resync_config_command>
+ sync_package_varnish();
+ </custom_php_resync_config_command>
+</packagegui>
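Review bot: This package file calls `sync_package_varnish();` from `<custom_delete_php_command>` and `<custom_php_resync_config_command>` but, unlike varnish_settings.xml in the same commit, has no `<include_file>/usr/local/pkg/varnish.inc</include_file>`, so the function is presumably undefined when this page is saved or a row is deleted; add that line after `<title>`. The `ipaddress`, `backendname`, `port` and timeout inputs are later interpolated verbatim into the generated VCL by varnish.inc, and there is no `<custom_php_validation_command>` here to reject anything that is not an address, a plain identifier or a number. The per-backend `urlmapping` rowhelper also looks disconnected from the generator, which reads a separate `varnishurlmappings` section with `url` and `backend` keys. `<title>Varnish: Whitelist</title>` reads like a leftover from the package this file was copied from.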
\ No newline at end of file
diff --git a/config/varnish64/varnish.inc b/config/varnish64/varnish.inc
new file mode 100644
index 00000000..5df22487
--- /dev/null
+++ b/config/varnish64/varnish.inc
@@ -0,0 +1,204 @@
+<?php
+/* ========================================================================== */
+/*
+ varnish.inc
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+
+function sync_package_varnish() {
+ if($config['installedpackages']['varnishsettings']['config'] != "") {
+ foreach($config['installedpackages']['varnishsettings']['config'] as $vs) {
+ if($vs['storagetype'] == "malloc")
+ $storage_type = "-s malloc,{$vs['storagesize']}MB";
+ else
+ $storage_type = "-s file,/var/varnish/storage.bin,{$vs['storagesize']}MB";
+ if($vs['listeningport'])
+ $listeningport = "-a :{$vs['listeningport']}";
+ else
+ $listeningport = "-a :80";
+ }
+ $fd = fopen("/usr/local/etc/rc.d/varnish.sh", "w");
+ $rc_file = <<<EOF;
+#!/bin/sh
+mkdir -p /var/varnish
+rm /var/varnish/storage.bin 2>/dev/null
+killall varnishd 2>/dev/null
+sleep 1
+/usr/local/sbin/varnishd \
+ {$listeningport} \
+ -f /var/etc/default.vcl \
+ {$storage_type} \
+ -w 200,4000,50
+
+EOF;
+ fwrite($fd, $rc_file);
+ fclose($fd);
+ exec("chmod a+rx /usr/local/etc/rc.d/varnish.sh")
+ }
+
+ if(!$errorvcl)
+ $errorvcl = <<<EOF
+set obj.http.Content-Type = "text/html; charset=utf-8";
+synthetic {"
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+<head>
+<title>"} obj.status " " obj.response {"</title>
+</head>
+<body>
+<b>
+<p>We are very sorry but an error occured during this request.</p>
+</b>
+<p>Please press refresh in your browser to try again.</p>
+<p>Varnish Error "} obj.status " " obj.response {"</p>
+<p>"} obj.response {"</p>
+<h3>Guru Meditation:</h3>
+<p>XID: "} req.xid {"</p>
+
+</body>
+</html>
+"};
+deliver;
+
+EOF;
+
+ $backends = "";
+ if($config['installedpackages']['varnishbackends']['config'] != "") {
+ foreach($config['installedpackages']['varnishbackends']['config'] as $backend) {
+ $urlmappings = "";
+ $isfirst = true;
+ if($config['installedpackages']['varnishurlmappings']['config'] != "") {
+ foreach($config['installedpackages']['varnishurlmappings']['config'] as $urlmapping) {
+ if(!$isfirst)
+ $urlmappings .= "else ";
+ $urlmappings = <<<EOAU;
+if (req.http.host == "{$urlmapping['url']}") {
+ set req.backend = {$urlmapping['backend']};
+}
+EOAU;
+ $isfirst = false;
+ }
+ }
+ if($backend['connect_timeout'])
+ $connect_timeout = $backend['connect_timeout'] . "s";
+ else
+ $connect_timeout = "25s";
+ if($backend['port'])
+ $connect_timeout = $backend['port'];
+ else
+ $connect_timeout = "80";
+ if($backend['first_byte_timeout'])
+ $first_byte_timeout = $backend['first_byte_timeout'];
+ else
+ $first_byte_timeout = "300s";
+ $backends .= <<<EOFA;
+backend {$backend['backendname']} {
+ .host = "{$backend['ipaddress']}";
+ .port = "{$backend['port']}";
+ .first_byte_timeout = "{$first_btye_timeout}";
+ .connect_timeout = "{$connect_timeout}";
+}
+
+EOFA;
+ }
+ }
+}
+
+$varnish_config_file = <<<EOF
+
+# Varnish configuration file
+# Automatically generated by the pfSense package system
+
+sub vcl_error {
+ {$errorvcl}
+}
+
+{$backends}
+
+sub vcl_recv {
+ {$vcl_recv_custom_early}
+ # If the client sent an X-Forwarded-For header, remove it.
+ # It cannot betrusted.
+ unset req.http.X-Forwarded-For;
+ # Note that we don't need to add the client ip to the X-Forwarded-For
+ # header, varnish will do that for us
+ if (req.http.Accept-Encoding) {
+ # Handle compression correctly. Varnish treats headers literally
+ # not semantically. So it is very well possible that there are
+ # cache misses because the headers sent by different browsers
+ # aren't the same.
+ # @see: http:// varnish.projects.linpro.no/wiki/FAQ/Compression
+ if (req.http.Accept-Encoding ~ "gzip") {
+ # if the browser supports it, we'll use gzip
+ set req.http.Accept-Encoding = "gzip";
+ } elsif (req.http.Accept-Encoding ~ "deflate") {
+ # next, try deflate if it is supported
+ set req.http.Accept-Encoding = "deflate";
+ } else {
+ # unknown algorithm. Probably junk, remove it
+ unset req.http.Accept-Encoding;
+ }
+ }
+ {$urlmappings}
+ {$vcl_recv_custom_late}
+ if (req.request != "GET" && req.request != "HEAD") {
+ pipe;
+ }
+ return(lookup);
+}
+
+sub vcl_pipe {
+ {$vcl_pipe_early}
+ # If we don't set the Connection: close header, any following
+ # requests from the client will also be piped through and
+ # left untouched by varnish. We don't want that.
+ set req.http.connection = "close";
+ # Note: no "pipe" action here - we'll fall back to the default
+ # pipe method so that when any changes are made there, we
+ # still inherit them.
+ {$vcl_pipe_late}
+}
+
+sub vcl_fetch {
+ {$vcl_fetch_early}
+ {$vcl_fetch_late}
+ return(deliver);
+}
+
+EOF;
+
+ $fd = fopen("/var/etc/default.vcl", "w");
+ fwrite($fd, $varnish_config_file);
+ fclose($fd);
+ exec("/usr/local/etc/rc.d/varnish.sh");
+}
+
+?>
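Review bot: `storagesize` and `listeningport` are copied straight from the saved package config into `/usr/local/etc/rc.d/varnish.sh`, which this file then runs with `exec()`, and `backendname`, `ipaddress`, `port` and the URL-mapping fields go into `default.vcl` the same way, so whatever is typed in the GUI ends up in a shell script or in VCL; these values should be restricted to digits, a valid address or a plain identifier before either file is written (sketch below). As written the file also cannot run: `$config` is never declared `global`, the heredoc openers `<<<EOF;`, `<<<EOAU;` and `<<<EOFA;` carry a stray `;`, the `exec("chmod a+rx …")` line lacks its `;`, and the `}` before `$varnish_config_file` appears to close the function early, leaving the final `}` unmatched and the VCL template outside the scope of `$errorvcl`, `$backends` and `$urlmappings`. In the backend loop the `port` branch assigns to `$connect_timeout` instead of a port variable, `{$first_btye_timeout}` is misspelled so the timeout is emitted empty, and `$urlmappings = <<<EOAU` overwrites the `else ` prefix where `.=` was presumably meant. The results of both `fopen()` calls are used without a check.

```php
function sync_package_varnish() {
	global $config;
	// … unchanged: varnishsettings presence check and foreach header …
			// These values land on the varnishd command line in the rc script: digits only.
			if(!ctype_digit((string)$vs['storagesize']))
				return;
			if($vs['listeningport'] && !ctype_digit((string)$vs['listeningport']))
				return;
	// … unchanged: storage type / listening port selection, rc script, error VCL …
			// These values land in default.vcl: a literal IP address and a plain identifier only.
			if(filter_var($backend['ipaddress'], FILTER_VALIDATE_IP) === false)
				continue;
			if(!preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $backend['backendname']))
				continue;
			$port = ctype_digit((string)$backend['port']) ? $backend['port'] : "80";
	// … unchanged: timeouts and backend block, with .port emitted from $port …
```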
\ No newline at end of file
diff --git a/config/varnish64/varnish_settings.xml b/config/varnish64/varnish_settings.xml
new file mode 100644
index 00000000..60d08c1d
--- /dev/null
+++ b/config/varnish64/varnish_settings.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* ========================================================================== */
+/*
+ varnish_settings.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>varnishsettings</name>
+ <version>0.0.1</version>
+ <title>Varnish Settings</title>
+ <aftersaveredirect>pkg_edit.php?xml=varnish_settings.xml&id=0</aftersaveredirect>
+ <include_file>/usr/local/pkg/varnish.inc</include_file>
+ <menu>
+ <name>Varnish</name>
+ <section>Services</section>
+ <configfile>backends.xml</configfile>
+ </menu>
+ <service>
+ <name>varnish</name>
+ <rcfile>varnish.sh</rcfile>
+ </service>
+ <tabs>
+ <tab>
+ <text>Backends</text>
+ <url>/pkg.php?xml=backends.xml</url>
+ </tab>
+ </tabs>
+ <configpath>['installedpackages']['varnish']['config']</configpath>
+ <fields>
+ <field>
+ <fielddescr>Storage type</fielddescr>
+ <fieldname>storagetype</fieldname>
+ <description>The SMTP version banner that is reported upon initial connection.</description>
+ <type>select</type>
+ <options>
+ <option><name>Memory</name><value>malloc</value></option>
+ <option><name>Disk</name><value>ondisk</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Cache storage size in megabytes</fielddescr>
+ <fieldname>storagesize</fieldname>
+ <description>Enter the size of the varnish cache in megabytes. HINT: 1024 == 1 Gigabyte</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Listening port</fielddescr>
+ <fieldname>listeningport</fieldname>
+ <description>Enter the port you would like varnish to listen on. Defaults to 80.</description>
+ <type>input</type>
+ </field>
+ </fields>
+ <custom_php_validation_command>
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_varnish();
+ </custom_php_resync_config_command>
+</packagegui>
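Review bot: The bare `&` in `<aftersaveredirect>pkg_edit.php?xml=varnish_settings.xml&id=0</aftersaveredirect>` makes this file not well-formed XML, so a conforming parser will reject the package definition; write it as `&amp;id=0`. `<custom_php_validation_command>` is left empty, which means `storagesize` and `listeningport` reach `sync_package_varnish()` unchecked even though varnish.inc places them on the varnishd command line in the generated rc script; a numeric check on both fields belongs here. The `storagetype` description (`The SMTP version banner that is reported upon initial connection.`) is a copy-paste leftover and should describe the cache storage backend. `<configpath>` names `['installedpackages']['varnish']['config']` while varnish.inc reads `['installedpackages']['varnishsettings']['config']`, so one of the two is presumably wrong.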
\ No newline at end of file |