| LIC topology: IBM PCs |
|---|
- introduction
- hardware and network
- OS
- applications
- packages
- /etc/network/interfaces
- /etc/udev/rules.d/70-persistent-net.rules
- /etc/resolv.conf
- /etc/hosts
- /etc/apt/sources.list
- /etc/apt/apt.conf.d/10periodic
- /etc/apt/apt.conf.d/02proxy
- /etc/nut/upsmon.conf
- /etc/bacula/bacula-fd.conf
- /home/issalarg/.ssh/authorized_keys
- /var/www/infrastructure/host1
- /var/www/ldirectord.html
- /etc/aliases
- /etc/snmp/snmpd.conf
- /etc/default/snmpd
- /etc/nagios/nrpe_local.cfg
- /etc/mysql/my.cnf
- /etc/mysql/conf.d/replication.cnf
- /etc/default/mysql-mmm-agent
- /etc/mysql-mmm/mmm_agent.conf
- /etc/mysql-mmm/mmm_common.conf
- /etc/drupal/6/sites/default/dbconfig.php
- /etc/apache2/ports.conf
- /etc/varnish/default.vcl
- /var/spool/cron/crontabs/root
introduction
A computer in the internet DMZ that hosts many services for customers. Things specific to this host are listed below. The list is grouped by infrastructure layer.
Every host name in the LIC has five characters like this one.
| LIC topology: ics01 | ||
|---|---|---|
| PCs | switches | ethernet interfaces |
hardware
I buy PC things. Specifically, a Dell OptiPlex GX150. Wikipedia (http://en.wikipedia.org/wiki/Dell_OptiPlex) has this summary.
- Model: GX150
- Chipset: Intel 815E
- CPU: Pentium III or Celeron
- FSB: 100/133 MHz
- RAM type: SDRAM, 2
- RAM speed: PC133
- Chassis: SFF, desktop, mini tower
- Comments: First to have new midnight-gray chassis
- USB: USB 1.1
ics01:~# lshw
ics01
description: Desktop Computer
product: OptiPlex GX150
vendor: Dell Computer Corporation
serial: CY45H0J
width: 32 bits
capabilities: smbios-2.3 dmi-2.3
configuration: administrator_password=enabled boot=normal chassis=desktop frontpanel_password=enabled power-on_password=enabled uuid=44454C4C-59BE-1034-8035-C3C04F48304A
*-core
description: Motherboard
product: OptiPlex GX150
vendor: Dell Computer Corporation
physical id: 0
slot: ~
*-firmware
description: BIOS
vendor: Dell Computer Corporation
physical id: 0
version: A09 (11/07/2001)
size: 64KiB
capacity: 448KiB
capabilities: isa pci pnp apm upgrade shadowing escd cdboot bootselect edd int13floppytoshiba int13floppy360 int13floppy1200 int13floppy720 int13floppy2880 int5printscreen int9keyboard int14serial int17printer acpi usb agp ls120boot zipboot biosbootspecification netboot
*-cpu
description: CPU
product: Intel(R) Celeron(TM) CPU 1200MHz
vendor: Intel Corp.
physical id: 400
bus info: cpu@0
version: 6.11.1
slot: Microprocessor
size: 1200MHz
width: 32 bits
clock: 100MHz
capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse up
*-cache:0
description: L1 cache
physical id: 700
size: 32KiB
capacity: 32KiB
capabilities: internal varies unified
*-cache:1
description: L2 cache
physical id: 701
size: 256KiB
capacity: 256KiB
capabilities: internal varies unified
*-memory
description: System Memory
physical id: 1000
slot: System board or motherboard
size: 128MiB
capacity: 512MiB
*-bank:0
description: DIMM SDRAM Synchronous 100 MHz (10.0 ns)
physical id: 0
slot: DIMM_A
size: 64MiB
width: 64 bits
clock: 100MHz (10.0ns)
*-bank:1
description: DIMM SDRAM Synchronous 100 MHz (10.0 ns)
physical id: 1
slot: DIMM_B
size: 64MiB
width: 64 bits
clock: 100MHz (10.0ns)
*-pci
description: Host bridge
product: 82815 815 Chipset Host Bridge and Memory Controller Hub
vendor: Intel Corporation
physical id: 100
bus info: pci@0000:00:00.0
version: 04
width: 32 bits
clock: 33MHz
configuration: driver=agpgart-intel module=intel_agp
*-display UNCLAIMED
description: VGA compatible controller
product: 82815 Chipset Graphics Controller (CGC)
vendor: Intel Corporation
physical id: 2
bus info: pci@0000:00:02.0
version: 04
width: 32 bits
clock: 66MHz
capabilities: pm vga_controller bus_master cap_list
configuration: latency=0
*-pci
description: PCI bridge
product: 82801 PCI Bridge
vendor: Intel Corporation
physical id: 1e
bus info: pci@0000:00:1e.0
version: 11
width: 32 bits
clock: 33MHz
capabilities: pci normal_decode bus_master
*-network:0
description: Ethernet interface
product: VT6102 [Rhine-II]
vendor: VIA Technologies, Inc.
physical id: 7
bus info: pci@0000:01:07.0
logical name: eth1
version: 43
serial: 00:50:ba:2d:38:ef
size: 100MB/s
capacity: 100MB/s
width: 32 bits
clock: 33MHz
capabilities: pm bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=via-rhine driverversion=1.4.3 duplex=full latency=64 link=yes maxlatency=8 mingnt=3 module=via_rhine multicast=yes port=MII slave=yes speed=100MB/s
*-network:1
description: Ethernet interface
product: 82557/8/9/0/1 Ethernet Pro 100
vendor: Intel Corporation
physical id: 8
bus info: pci@0000:01:08.0
logical name: eth2
version: 05
serial: 00:50:ba:2d:38:ef
size: 100MB/s
capacity: 100MB/s
width: 32 bits
clock: 33MHz
capabilities: pm bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=e100 driverversion=3.5.23-k4-NAPI duplex=full firmware=N/A latency=64 link=yes maxlatency=56 mingnt=8 module=e100 multicast=yes port=MII slave=yes speed=100MB/s
*-network:2
description: Ethernet interface
product: 3c905C-TX/TX-M [Tornado]
vendor: 3Com Corporation
physical id: c
bus info: pci@0000:01:0c.0
logical name: eth0
version: 78
serial: 00:08:74:0c:7b:ef
size: 100MB/s
capacity: 100MB/s
width: 32 bits
clock: 33MHz
capabilities: pm bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=3c59x duplex=full ip=192.168.80.2 latency=64 link=yes maxlatency=10 mingnt=10 module=3c59x multicast=yes port=MII speed=100MB/s
*-isa
description: ISA bridge
product: 82801BA ISA Bridge (LPC)
vendor: Intel Corporation
physical id: 1f
bus info: pci@0000:00:1f.0
version: 11
width: 32 bits
clock: 33MHz
capabilities: isa bus_master
configuration: latency=0
*-ide
description: IDE interface
product: 82801BA IDE U100 Controller
vendor: Intel Corporation
physical id: 1f.1
bus info: pci@0000:00:1f.1
version: 11
width: 32 bits
clock: 33MHz
capabilities: ide bus_master
configuration: driver=PIIX_IDE latency=0 module=piix
*-ide:0
description: IDE Channel 0
physical id: 0
bus info: ide@0
logical name: ide0
clock: 33MHz
*-disk
description: ATA Disk
product: WDC WD100BB-75AUA1
vendor: Western Digital
physical id: 0
bus info: ide@0.0
logical name: /dev/hda
version: 18.20D18
serial: WD-WMA6Z1871113
size: 9541MiB (10GB)
capacity: 9541MiB (10GB)
capabilities: ata dma lba iordy smart pm partitioned partitioned:dos
configuration: mode=udma5 signature=000acb82 smart=on
*-volume:0
description: EXT3 volume
vendor: Linux
physical id: 1
bus info: ide@0.0,1
logical name: /dev/hda1
logical name: /
version: 1.0
serial: 7d174737-35cc-4a2a-a013-d713b31f024c
size: 337MiB
capacity: 337MiB
capabilities: primary bootable journaled extended_attributes large_files huge_files recover ext3 ext2 initialized
configuration: created=2009-09-05 09:06:07 filesystem=ext3 modified=2011-01-31 13:24:32 mount.fstype=ext3 mount.options=rw,errors=remount-ro,data=ordered mounted=2011-01-31 13:24:32 state=mounted
*-volume:1
description: Extended partition
physical id: 2
bus info: ide@0.0,2
logical name: /dev/hda2
size: 9201MiB
capacity: 9201MiB
capabilities: primary extended partitioned partitioned:extended
*-logicalvolume:0
description: Linux filesystem partition
physical id: 5
logical name: /dev/hda5
logical name: /usr
capacity: 3427MiB
configuration: mount.fstype=ext3 mount.options=rw,errors=continue,data=ordered state=mounted
*-logicalvolume:1
description: Linux filesystem partition
physical id: 6
logical name: /dev/hda6
logical name: /var
capacity: 1686MiB
configuration: mount.fstype=ext3 mount.options=rw,errors=continue,data=ordered state=mounted
*-logicalvolume:2
description: Linux swap / Solaris partition
physical id: 7
logical name: /dev/hda7
capacity: 352MiB
capabilities: nofs
*-logicalvolume:3
description: Linux filesystem partition
physical id: 8
logical name: /dev/hda8
logical name: /tmp
capacity: 305MiB
configuration: mount.fstype=ext3 mount.options=rw,errors=continue,data=ordered state=mounted
*-logicalvolume:4
description: Linux filesystem partition
physical id: 9
logical name: /dev/hda9
logical name: /home
capacity: 3427MiB
configuration: mount.fstype=ext3 mount.options=rw,errors=continue,data=ordered state=mounted
*-ide:1
description: IDE Channel 1
physical id: 1
bus info: ide@1
logical name: ide1
clock: 33MHz
*-cdrom
description: IDE CD-ROM
product: GCR-8481B
physical id: 0
bus info: ide@1.0
logical name: /dev/hdc
version: 1.06
capabilities: packet atapi cdrom removable nonmagnetic dma lba iordy audio
configuration: mode=udma2 status=nodisc
*-usb:0
description: USB Controller
product: 82801BA/BAM USB Controller #1
vendor: Intel Corporation
physical id: 1f.2
bus info: pci@0000:00:1f.2
version: 11
width: 32 bits
clock: 33MHz
capabilities: uhci bus_master
configuration: driver=uhci_hcd latency=0 module=uhci_hcd
*-usbhost
product: UHCI Host Controller
vendor: Linux 2.6.26-2-686 uhci_hcd
physical id: 1
bus info: usb@1
logical name: usb1
version: 2.06
capabilities: usb-1.10
configuration: driver=hub slots=2 speed=12.0MB/s
*-serial
description: SMBus
product: 82801BA/BAM SMBus Controller
vendor: Intel Corporation
physical id: 1f.3
bus info: pci@0000:00:1f.3
version: 11
width: 32 bits
clock: 33MHz
configuration: driver=i801_smbus latency=0 module=i2c_i801
*-usb:1
description: USB Controller
product: 82801BA/BAM USB Controller #1
vendor: Intel Corporation
physical id: 1f.4
bus info: pci@0000:00:1f.4
version: 11
width: 32 bits
clock: 33MHz
capabilities: uhci bus_master
configuration: driver=uhci_hcd latency=0 module=uhci_hcd
*-usbhost
product: UHCI Host Controller
vendor: Linux 2.6.26-2-686 uhci_hcd
physical id: 1
bus info: usb@2
logical name: usb2
version: 2.06
capabilities: usb-1.10
configuration: driver=hub slots=2 speed=12.0MB/s
*-multimedia
description: Multimedia audio controller
product: 82801BA/BAM AC'97 Audio Controller
vendor: Intel Corporation
physical id: 1f.5
bus info: pci@0000:00:1f.5
version: 11
width: 32 bits
clock: 33MHz
capabilities: bus_master
configuration: driver=Intel ICH latency=0 module=snd_intel8x0
*-network
description: Ethernet interface
physical id: 1
logical name: bond0
serial: 00:50:ba:2d:38:ef
capabilities: ethernet physical
configuration: broadcast=yes driver=bonding driverversion=3.2.5 firmware=2 ip=192.168.0.6 master=yes multicast=yes
ics01:~#
network cables
Three network cables connect ics01 to the networks. They all connect ics01 to the LIC (Larg's Internet Cluster), providing HA and traffic separation.
Different network cable colours show which one is which.
- One red cable carries business traffic to the LIC, via ces01.
- One blue cable carries business traffic to the LIC, via ces02.
- Another grey cable carries administration traffic to the LIC, via ces03.
network interfaces
I buy ethernet things and add NICs (Network Interface Cards), like I did for xcl01.
| LIC table: ics01 network interfaces | ||||
|---|---|---|---|---|
| computer | interface | description | IP address | netmask |
| ics01 | bond0 | internet customer service - ethernet bonding for eth1 and eth2 | 192.168.0.6 | 255.255.248.0 |
| ics01 | eth1 | internet customer service - biz01 test network | 192.168.0.7 | 255.255.248.0 |
| ics01 | bond0:0 | web server - ethernet bonding for eth1 and eth2 | 192.168.3.2 | 255.255.248.0 |
| ics01 | eth2 | internet customer service - biz02 test network | 192.168.40.4 | 255.255.255.0 |
| ics01 | eth0 | internet customer service administration | 192.168.80.2 | 255.255.248.0 |
OS
All the IBM PCs (Personal Computers) in the LIC (Larg's Internet Cluster) run the Debian distribution.
applications
Almost all the applications in the LIC (Larg's Internet Cluster) are from the Debian distribution.
packages
I want to remove Gnome NetworkManager on xcl01.
apt-get remove network-manager
I install packages for testing, HA and other system administration.
apt-get install \
apt-file firmware-linux-nonfree ifenslave lynx \
ntp nut screen setserial snmp snmp-mibs-downloader \
sysv-rc-conf tcpdump
I install packages to provide services.
apt-get install \
bacula-fd drupal6 nagios-nrpe-server openssh-server \
snmpd varnish
I install perl modules for MySQL MMM.
apt-get install \
liblog-log4perl-perl libmailtools-perl liblog-dispatch-perl \
iproute libnet-arp-perl libproc-daemon-perl libalgorithm-diff-perl \
libdbi-perl libdbd-mysql-perl
I usually use apt-get to install, but I install MySQL MMM using dpkg.
dpkg -i mysql-mmm-common_2.2.1-1_all.deb mysql-mmm-agent_2.2.1-1_all.deb
I install pressflow using gunzip.
gunzip pressflow-6.19.96.tar.gz
/etc/network/interfaces
I follow this procedure for a different host: add static IP addresses to ifw01. I do not use the values on that page. I use this configuration instead.
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # # adm01 network # http://cluster.planetlarg.com/car-size-cluster-reference/ip-addresses/in... # auto eth0 iface eth0 inet static address 192.168.80.2 netmask 255.255.248.0 # # biz01 network # http://cluster.planetlarg.com/drupal6/car-size-cluster-reference/ip-addr... # auto eth1 iface eth1 inet static address 192.168.0.7 network 192.168.0.0 netmask 255.255.248.0 gateway 192.168.0.1 # # biz02 network # http://cluster.planetlarg.com/car-size-cluster-reference/ip-addresses/in... # auto eth2 iface eth2 inet static address 192.168.40.4 netmask 255.255.248.0 # # bond the biz networks # see http://cluster.planetlarg.com/car-size-cluster-build/add-ha-high-availab... # auto bond0 iface bond0 inet static pre-up modprobe bond0 address 192.168.0.6 netmask 255.255.248.0 gateway 192.168.0.1 up ifenslave bond0 eth1 eth2 down ifenslave -d bond0 eth1 eth2 # # web server interfaces # http://cluster.planetlarg.com/drupal6/car-size-cluster-reference/ip-addr... # auto bond0:1 iface bond0:1 inet static address 192.168.3.2 network 192.168.0.0 netmask 255.255.248.0 #
/etc/udev/rules.d/70-persistent-net.rules
I match interfaces with labels on ics01.
# This file was automatically generated by the /lib/udev/write_net_rules
# program run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single line.
#
# Each rule pins an interface name to one MAC address, so that eth0 (the
# administration network on this page) and eth1/eth2 (the business networks)
# keep their roles across reboots.
# NOTE(review): the drivers named below (e1000, r8169, 8139too) and the MAC
# addresses differ from the lshw output earlier on this page (3c59x, via-rhine,
# e100) -- presumably these rules were copied from another host. Confirm them
# against ics01; a wrong match would leave the kernel free to hand the
# administration address to a card cabled to a business network.
# PCI device 0x8086:0x100e (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0b:db:c8:65:61", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
# PCI device 0x10ec:0x8169 (r8169)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:e0:4c:89:35:de", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
# PCI device 0x10ec:0x8139 (8139too)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0e:2e:cb:ac:e0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"
/etc/resolv.conf
domain planetlarg.com search planetlarg.com nameserver 192.168.80.7
/etc/hosts
127.0.0.1 ics01 localhost.localdomain localhost 127.0.1.1 ics01.planetlarg.com ics01 # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters
/etc/apt/sources.list
The non-free folder is where I get firmware for my ethernet cards.
# # clean install # # deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official Multi-architecture amd64/i386 NETINST #1 20110205-14:45]/ squeeze main #deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official Multi-architecture amd64/i386 NETINST #1 20110205-14:45]/ squeeze main deb http://ftp.uk.debian.org/debian/ squeeze main deb-src http://ftp.uk.debian.org/debian/ squeeze main deb http://security.debian.org/ squeeze/updates main deb-src http://security.debian.org/ squeeze/updates main deb http://ftp.uk.debian.org/debian/ squeeze-updates main deb-src http://ftp.uk.debian.org/debian/ squeeze-updates main
/etc/apt/apt.conf.d/10periodic
I add unattended updates to ics01
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::AutocleanInterval "5"; APT::Periodic::Unattended-Upgrade "1";
/etc/apt/apt.conf.d/02proxy
Acquire::http { Proxy "http://192.168.80.1:3142"; };
/etc/nut/upsmon.conf
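I add the NUT application to ics01. The MONITOR line holds the upsmon password in clear text, so this file should be readable only by root and the NUT user.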
... # # my configuration # MONITOR ifw03@192.168.80.1 1 monmaster Pa55w0rd1 master # ...
/etc/bacula/bacula-fd.conf
#
# Default Bacula File Daemon Configuration file
#
# For Bacula release 2.4.4 (28 December 2008) -- debian 5.0
#
# There is not much to change here except perhaps the
# File daemon Name to
#
#
# List Directors who are permitted to contact this File daemon
#
# Each Password below is a shared secret that has to match the entry for this
# client on the Director side. It is stored here in clear text, so the file
# should be readable only by root (and the bacula user, if the daemon drops
# privileges).
Director {
Name = ifw03-dir
Password = "Pa55w0rd-for-file-storage"
}
#
# Restricted Director, used by tray-monitor to get the
# status of the file daemon
#
# "Monitor = yes" is what makes this Director restricted; it gets its own
# password so the monitoring secret cannot be used to run backup or restore jobs.
Director {
Name = ifw03-mon
Password = "Pa55w0rd-for-tray-monitor"
Monitor = yes
}
#
# "Global" File daemon configuration specifications
#
# NOTE(review): this page documents ics01, but the daemon Name and FDAddress
# below say ifw03 -- presumably copied from ifw03's file; confirm the values
# actually deployed on ics01.
# FDAddress limits the listener on FDport to that one address instead of every
# interface; the "-adm01" name suggests the administration network (see the
# interface table on this page) -- TODO confirm what the name resolves to.
FileDaemon { # this is me
Name = ifw03-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = /var/lib/bacula
Pid Directory = /var/run/bacula
Maximum Concurrent Jobs = 20
FDAddress = ifw03-adm01
}
# Send all messages except skipped files back to Director
# (the line below also excludes the "restored" message class)
Messages {
Name = Standard
director = ifw03-dir = all, !skipped, !restored
}
/home/issalarg/.ssh/authorized_keys
I use public key authentication for SSH.
# # not really my key from xcl01 # ssh-rsa ABcdB3NEAAAABIwAAAQYf0IgVazrDZV5hZMKbSGKoEDYifqEb7fRAg8FwRLn/VAXVBD8OPPZuQlld/0SYLucKgW9yu82QcnhgQj+ymDehZQu+gGRCnLK17ZzYfe6hyQgvdRBnS/6jumUPRrwBCxfOz3YpPYQXW3xoD6DF7Ma7QW1sldIyCpxsy70ehunW5h4WEC8p7S+rIrw6FGU8wAHR+w== issalarg@xcl01
/var/www/infrastructure/host1
I create test pages for the web server on ics01
ics01
/var/www/ldirectord.html
I create test pages for the web server on ics01
ldirectord test
/etc/aliases
... issalarg: idc@planetlarg.net
/etc/snmp/snmpd.conf
# com2sec maps a community string, accepted from a given source, to a security name.
# NOTE(review): "public" is the widely known default community and the source
# "default" matches any client address, so every host that can reach snmpd can
# read whatever the elided access/view lines grant to "readonly". Prefer a
# non-default community with the source restricted to the monitoring host, or
# SNMPv3 with authentication. The /etc/default/snmpd excerpt on this page
# starts snmpd on ics01-adm01 only, which narrows the exposure to that network.
... com2sec readonly default public ...
/etc/default/snmpd
... SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid ics01-adm01' ...
/etc/nagios/nrpe_local.cfg
allowed_hosts=192.168.80.1
/etc/mysql/my.cnf
# NOTE(review): 0.0.0.0 makes mysqld listen on every interface of this host,
# which the introduction places in the internet DMZ. Replication needs remote
# access, but it should be limited to the replication peers and the MMM
# monitor: filter port 3306 per interface and give the MySQL accounts explicit
# host restrictions rather than relying on the listener alone.
... bind-address = 0.0.0.0 ...
/etc/mysql/conf.d/replication.cnf
I add mysql replication configuration to ics01.
[mysqld] # # http://mysql-mmm.org/mmm2:guide server_id = 1 log_bin = /var/log/mysql/mysql-bin.log log_bin_index = /var/log/mysql/mysql-bin.log.index relay_log = /var/log/mysql/mysql-relay-bin relay_log_index = /var/log/mysql/mysql-relay-bin.index relay-log-info-file = /var/lib/mysql/mysql-relay-bin.info expire_logs_days = 10 max_binlog_size = 100M log_slave_updates = 1
/etc/default/mysql-mmm-agent
... ENABLED=1 ...
/etc/mysql-mmm/mmm_agent.conf
... this db1 ...
/etc/mysql-mmm/mmm_common.conf
/etc/drupal/6/sites/default/dbconfig.php
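<?php
##
## database access settings in php format
## automatically generated from /etc/dbconfig-common/drupal6.conf
## by /usr/sbin/dbconfig-generate-include
## Wed, 15 Dec 2010 20:45:38 +0000
##
## by default this file is managed via ucf, so you shouldn't have to
## worry about manual changes being silently discarded.  *however*,
## you'll probably also want to edit the configuration file mentioned
## above too.
##
## NOTE(review): this file holds the Drupal database password in clear text.
## Keep it readable only by root and the web server's group, and give the
## database account no more than the privileges Drupal needs on its own
## database. The line breaks are restored here: collapsed onto one line, every
## assignment sits inside the first "##" comment and nothing is set.
##
$dbuser='drupal6';
$dbpass='Pa55w0rd';
$basepath='';
$dbname='drupal6';
$dbserver='192.168.1.2';
$dbport='3306';
$dbtype='mysql';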
/etc/apache2/ports.conf
... NameVirtualHost * Listen 80 Listen 8080 ...
/etc/varnish/default.vcl
// Origin server that Varnish fetches from: the web server on the loopback
// address, port 8080. All three timeouts are set to 600 seconds.
// NOTE(review): the ports.conf excerpt on this page has "Listen 8080" with no
// address, so Apache presumably accepts connections on 8080 on every
// interface; a client that can reach that port bypasses this cache and the
// rules in vcl_recv. Consider binding the backend listener to 127.0.0.1 or
// filtering the port.
backend default {
.host = "127.0.0.1";
.port = "8080";
.connect_timeout = 600s;
.first_byte_timeout = 600s;
.between_bytes_timeout = 600s;
}
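sub vcl_recv {
    // Request policy: decides for each client request whether it is piped,
    // passed to the backend uncached, or looked up in the cache.

    // Any method outside this list is piped straight to the backend.
    // NOTE(review): TRACE is on the list, so the pass below forwards it to the
    // backend; if nothing behind Varnish needs TRACE, refuse it here or
    // disable it on the backend.
    if (req.request != "GET" &&
        req.request != "HEAD" &&
        req.request != "PUT" &&
        req.request != "POST" &&
        req.request != "TRACE" &&
        req.request != "OPTIONS" &&
        req.request != "DELETE") {
        /* Non-RFC2616 or CONNECT which is weird. */
        return (pipe);
    }

    if (req.request != "GET" && req.request != "HEAD") {
        /* We only deal with GET and HEAD by default */
        return (pass);
    }

    // Remove has_js and Google Analytics cookies.
    // has_js is named explicitly because it does not start with "__"; with
    // only the "__[a-z]+" alternative the cookie survived, so every visitor
    // carrying it fell through to the pass below and was never served from
    // cache. The backend no longer sees has_js on any GET or HEAD request.
    set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|has_js)=[^;]*", "");

    // To users: if you have additional cookies being set by your system (e.g.
    // from a javascript analytics file or similar) you will need to add VCL
    // at this point to strip these cookies from the req object, otherwise
    // Varnish will not cache the response. This is safe for cookies that your
    // backend (Drupal) doesn't process.
    //
    // Again, the common example is an analytics or other Javascript add-on.
    // You should do this here, before the other cookie stuff, or by adding
    // to the regular-expression above.

    // Remove a ";" prefix, if present.
    set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");

    // Remove empty cookies.
    if (req.http.Cookie ~ "^\s*$") {
        unset req.http.Cookie;
    }

    // Requests that still carry credentials or a cookie are never answered
    // from cache, so one user's personalised page cannot be served to another.
    if (req.http.Authorization || req.http.Cookie) {
        /* Not cacheable by default */
        return (pass);
    }

    // Skip the Varnish cache for install, update, and cron
    // NOTE(review): these are passed, not blocked, and the pattern is
    // unanchored (it matches anywhere in the URL, query string included); the
    // backend's own access control is all that limits who can reach them.
    if (req.url ~ "install\.php|update\.php|cron\.php") {
        return (pass);
    }

    // Normalize the Accept-Encoding header
    // as per: http://varnish-cache.org/wiki/FAQ/Compression
    if (req.http.Accept-Encoding) {
        if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
            # No point in compressing these
            remove req.http.Accept-Encoding;
        }
        elsif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        }
        else {
            # Unknown or deflate algorithm
            remove req.http.Accept-Encoding;
        }
    }

    // Let's have a little grace
    set req.grace = 30s;

    return (lookup);
}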
// Adds the Cookie header to the cache key whenever a request reaches the hash
// step with one, so objects are never shared between different cookie values.
// vcl_recv on this page passes every request that still has a Cookie, so this
// mainly guards against a later change to that rule.
// NOTE(review): there is no return here; presumably the built-in vcl_hash then
// runs and adds the URL and host -- confirm for the Varnish version in use.
sub vcl_hash {
if (req.http.Cookie) {
set req.hash += req.http.Cookie;
}
}
// Strip any cookies before an image/js/css is inserted into cache.
// Without this, a Set-Cookie header sent along with a static file could be
// stored with the object and replayed to every later client that gets the
// cached copy.
// The pattern is anchored at the end of the URL, so a static file requested
// with a query string is not matched and keeps its Set-Cookie header.
sub vcl_fetch {
if (req.url ~ "\.(png|gif|jpg|swf|css|js)$") {
// This is for Varnish 2.0; replace obj with beresp if you're running
// Varnish 2.1 or later.
// NOTE(review): the page does not state which Varnish version the package
// installs -- confirm that "obj" is the right object name here.
unset obj.http.set-cookie;
}
}
// Builds the HTML error page that Varnish itself delivers, replacing the
// default one.
// The page embeds obj.status, obj.response and req.xid as they are, with no
// HTML escaping. The XID lets an operator match a user's report to the
// Varnish log entry for that request.
// NOTE(review): no "error" call appears in the VCL on this page; if one is
// added later, do not pass client-supplied text as the response string,
// because it would be written into this page unescaped. Consider dropping the
// "Debug Info" block on a customer-facing site.
sub vcl_error {
// Let's deliver a friendlier error page.
// You can customize this as you wish.
set obj.http.Content-Type = "text/html; charset=utf-8";
synthetic {"
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>"} obj.status " " obj.response {"</title>
<style type="text/css">
#page {width: 400px; padding: 10px; margin: 20px auto; border: 1px solid black; background-color: #FFF;}
p {margin-left:20px;}
body {background-color: #DDD; margin: auto;}
</style>
</head>
<body>
<div id="page">
<h1>Page Could Not Be Loaded</h1>
<p>We're very sorry, but the page could not be loaded properly. This should be fixed very soon, and we apologize for any inconvenience.</p>
<hr /> <h4>Debug Info:</h4>
<pre>
Status: "} obj.status {"
Response: "} obj.response {"
XID: "} req.xid {"
</pre>
<address><a href="http://www.varnish-cache.org/">Varnish</a></address>
</div>
</body>
</html>
"};
deliver;
}
/var/spool/cron/crontabs/root
# DO NOT EDIT THIS FILE - edit the master and reinstall. # (/tmp/crontab.0BUEfI/crontab installed on Fri Dec 17 01:37:53 2010) # (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $) # m h dom mon dow command 55 23 * * * /sbin/poweroff

