somerorbay.com

T-Shirt From Hurricane Electric For IPv6 Certification


I just received my T-shirt from Hurricane Electric and I'm loving it!!!

 

 

 

Hurricane Electric IPv6 Certification Program


My IPv6 Certification Scorecard

 

I just got my certificate from Hurricane Electric. If you are a system administrator, you should check it out at Hurricane Electric IPv6 Certification Program; it's useful and entertaining :) They even send you a cool T-shirt with IPv6 stuff on it for free!!!

 

Here is the list of IPv6 Sages by country: IPv6 Sages By Countries

 

As you can see, there are only 5 IPv6 Sages in Turkey for now. Turkish sysadmins, what are you waiting for?

 

IPv6 Sages In ASIA

Haproxy To Squid, Squid To Nginx Getting Real Ip X-Forwarded-For


I have HAProxy on port 82, Squid on port 83 and nginx on port 81 (all on the same IP). HAProxy is sending X-Forwarded-For (we have talked about this earlier); Squid is getting the correct IP, logging it and sending X-Forwarded-For to nginx.

Now all sounds good?

No, not really. Nginx can't read the correct IP from Squid; instead it gets Squid's IP. The Squid manual says to set forwarded_for on to pass the header to backends, but the problem is that we now have multiple headers coming from different ports on the same IP.

So I thought that I could just get the header from HAProxy, not from Squid, so Squid must not touch the header in any way.

I found the solution in the documentation: http://www.squid-cache.org/Doc/config/forwarded_for/

 

Changes in 3.1 forwarded_for

New setting options. transparent, truncate, delete.

If set to "transparent", Squid will not alter the X-Forwarded-For header in any way.

If set to "delete", Squid will delete the entire X-Forwarded-For header.

If set to "truncate", Squid will remove all existing X-Forwarded-For entries, and place itself as the sole entry.

I have just put "forwarded_for transparent" in my squid.conf and now nginx reads and logs the correct IPs via its realip module.

According to the manual, this is only available in Squid 3.1 and later versions, but I tested this on Squid Cache: Version 2.7.STABLE3 and it worked fine.
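
As an added illustration (not code from the original post), this Python model traces the X-Forwarded-For value through the chain described above and shows which address nginx ends up logging for each forwarded_for setting. The addresses are constructed, HAProxy is modelled as appending the visitor's address, and nginx is modelled with set_real_ip_from covering the shared host IP; the function names are hypothetical.

```python
import ipaddress

HOST = "192.0.2.10"      # constructed: the one IP shared by HAProxy, Squid and nginx
CLIENT = "203.0.113.7"   # constructed: the real visitor

def append(xff, ip):
    """Append an address to an X-Forwarded-For value, as a forwarding proxy does."""
    return f"{xff}, {ip}" if xff else ip

def squid_forward(xff, peer_ip, mode):
    """Header value Squid sends upstream for a forwarded_for mode (None = no header)."""
    if mode == "transparent":
        return xff                    # header passed through untouched
    if mode == "delete":
        return None                   # header removed entirely
    if mode == "on":
        return append(xff, peer_ip)   # Squid adds the address that connected to it
    raise ValueError(f"mode not modelled: {mode}")

def nginx_realip(remote_addr, xff, trusted, recursive=False):
    """Model of real_ip_header X-Forwarded-For with set_real_ip_from / real_ip_recursive."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    def is_trusted(ip):
        try:
            return any(ipaddress.ip_address(ip) in n for n in nets)
        except ValueError:            # garbage in the header is never trusted
            return False
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    if not hops or not is_trusted(remote_addr):
        return remote_addr            # header ignored unless the sender is trusted
    if not recursive:
        return hops[-1]               # last address in the header
    for hop in reversed(hops):
        if not is_trusted(hop):
            return hop                # last non-trusted address
    return hops[0]

def logged_ip(squid_mode, client_xff=None, recursive=False):
    """Address nginx logs for CLIENT -> HAProxy -> Squid -> nginx, all on HOST."""
    xff = append(client_xff, CLIENT)             # HAProxy adds the visitor's address
    xff = squid_forward(xff, HOST, squid_mode)   # Squid's direct peer is HAProxy on HOST
    return nginx_realip(HOST, xff, trusted=[HOST], recursive=recursive)

if __name__ == "__main__":
    for mode in ("on", "transparent", "delete"):
        print(mode, "->", logged_ip(mode))
```

In this model a value the visitor supplies in X-Forwarded-For sits to the left of the address HAProxy adds, so it is not the one nginx picks; with forwarded_for on, setting real_ip_recursive on in nginx also recovers the visitor's address.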

        

Nginx proxy_cache_bypass fastcgi_cache_bypass proxy_no_cache dont cache logged in users


Nginx

 

 

 

Content caching is the most used way to speed up the dynamic or static pages on a website, but what happens if you want your visitors to see the cached content and logged-in users (members) to get the content from the backend server (non-cached)? Here comes fastcgi_cache_bypass / fastcgi_no_cache or proxy_cache_bypass / proxy_no_cache.

In order to apply this, you need to find out which cookies your script sets when a user logs in. In my case the cookie was "mnm_key", so I used this location block to separate guests and members from caching.

 

 

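location / {
    # Pass the original Host and client address to the backend
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_pass http://here-comes-the-ip-or-domain;

    # A mnm_key cookie that is non-empty and not "0" (logged-in member) skips the cache:
    # proxy_cache_bypass fetches from the backend, proxy_no_cache stops the reply being stored
    proxy_no_cache $cookie_mnm_key;
    proxy_cache_bypass $cookie_mnm_key;
    proxy_pass_header "Set-Cookie";
    proxy_pass_header "Cookie";

    # Cache even when the backend sends Cache-Control or Expires
    proxy_ignore_headers "Cache-Control" "Expires";

    # The key has no $host, so use this cache zone for a single site only
    proxy_cache_key $uri$is_args$args;

    proxy_cache proxy_buzz;
    proxy_cache_use_stale updating error timeout invalid_header http_500;
    proxy_cache_valid 200 5m;
    proxy_cache_valid 303 302 1s;

    # error_page takes a URI, not a filesystem path
    error_page 502 503 /50x.html;
}

# Serve the error page from disk instead of proxying the request
location = /50x.html {
    root /usr/local/www/nginx-dist;
}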

 

Notice that I used only 5 minutes for the cache refresh interval; that's because my site gets updated often and the front page needs to be recent. If your site is updated daily, you can use 1d for the valid 200 response.

 

Now, for guests the site is cached for 5 minutes and members see no cached content as they are being served directly from the backend.

Squid in front of apache or nginx password protection problem .htpasswd not working


I have been using Squid to cache everything from nginx so that I can reduce the heavy load on the server, but there has been an important problem regarding authentication.

When someone goes to a password-protected page (http://domain.com/pass_protected_area), the server prompts for a user name and password, but even if you enter the correct information it is not accepted and the same authentication screen is prompted again.

This problem occurs because Squid is not trusting the upstream user/password authentication; therefore it does not accept it and the loop goes on.

Solution:

Add the following to your cache_peer line in your squid.conf:

 

login=PASS

 

And then reload Squid:

 

squid -k reconfigure

 

That is it, no more problems with user/password; this also applies to Apache.