Using an IP address (and port) - varnish-vcl

Ubuntu 18/Varnish 4.x
I'm not sure what I'm missing.
The documentation (http://manpages.ubuntu.com/manpages/xenial/en/man7/varnish-cli.7.html) seems to suggest:
...
backend.list [-p] [<backend_expression>]
List backends.
...
Backend Expression
A backend expression can be a backend name or a combination of backend name, IP address
and port in "name(IP address:port)" format.
...
However, I don't know if I'm missing something because I can't pass an IP address or port seemingly in Ubuntu 18 to list or set to auto/sick:
varnish> backend.list *www*
200
Backend name Admin Probe Last updated
xxx-www-5 probe Healthy 5/5 Fri, 22 Oct 2021 08:36:34 GMT
xxx-www-5http probe Healthy (no probe) Sat, 16 Oct 2021 18:52:41 GMT
varnish> backend.list *10.105*
200
Backend name Admin Probe Last updated
varnish>
Other relevant information:
Varnish config:
...
backend xxx-www-5 {
.host = "xxxweb05";
.port = "xxx443";
...
}
backend xxx-www-5http {
.host = "xxxweb05";
.port = "xxx80";
...
}
...
$ nslookup xxxweb05
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: xxxweb05.xxx.com
Address: 10.105.xxx.xxx

I tried filtering on IP address and port myself on an Ubuntu Trusty Docker container on which I installed Varnish 4.1.
It didn't work and I only managed to filter on the backend name.
However, Varnish 4 is dead and buried. It's EOL, doesn't offer any more support or bugfixes, and has some known security issues.
Please use Varnish 6: either the 6.0 LTS version or any of the new feature releases.
That being said, the more recent documentation for this feature no longer lists IP addresses or ports. See http://varnish-cache.org/docs/6.0/reference/varnish-cli.html#backend-pattern.
I guess this feature is no longer supported in recent versions and didn't seem to work well on Varnish 4 either.
My advice: install Varnish 6.0 LTS as described on https://www.varnish-software.com/developers/tutorials/installing-varnish-ubuntu/ and forget the IP/port filter for backend.list ever existed.
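Since `backend.list` only matches on backend names, one way to find the backends behind a given address is to resolve each `.host` from the VCL yourself and feed the resulting names to `backend.list`. The following is an added example, not code from the question, the answer or the Varnish project; the VCL, the DNS table and the function names `parse_backends`, `resolve` and `backends_in` are all constructed for illustration.

```python
import ipaddress
import re
import socket

# Constructed VCL (not the poster's configuration): two backends share one host.
SAMPLE_VCL = '''
backend www5     { .host = "web05.example.internal"; .port = "443"; }
backend www5http { .host = "web05.example.internal"; .port = "80"; }
backend api1     { .host = "192.0.2.10"; .port = "8080"; }
'''
# Constructed name-to-address table standing in for DNS so the example runs offline.
SAMPLE_DNS = {"web05.example.internal": ["10.105.3.7"]}

def parse_backends(vcl):
    """Return (name, host, port) per 'backend NAME {' declaration (regex-level reader)."""
    decls = list(re.finditer(r'^\s*backend\s+([\w-]+)\s*\{', vcl, re.M))
    found = []
    for i, m in enumerate(decls):
        end = decls[i + 1].start() if i + 1 < len(decls) else len(vcl)
        body = vcl[m.end():end]
        host = re.search(r'\.host\s*=\s*"([^"]+)"', body)
        port = re.search(r'\.port\s*=\s*"([^"]+)"', body)
        if host:
            found.append((m.group(1), host.group(1), port.group(1) if port else None))
    return found

def resolve(host, table=None):
    """Literal IPs are returned as-is; names go through table if given, else DNS."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass
    if table is not None:
        return table.get(host, [])
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def backends_in(vcl, cidr, port=None, table=None):
    """Names of backends whose host resolves into cidr (optionally on a given port)."""
    net = ipaddress.ip_network(cidr)
    hits = []
    for name, host, bport in parse_backends(vcl):
        if port is not None and bport != str(port):
            continue
        if any(ipaddress.ip_address(a) in net for a in resolve(host, table)):
            hits.append(name)
    return hits

if __name__ == "__main__":
    print(backends_in(SAMPLE_VCL, "10.105.0.0/16", table=SAMPLE_DNS))
```

Without a `table` argument the hosts are resolved through the system resolver, so the result reflects what DNS returns at the time of the call.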

Related

Why would a database work on one server, and only partially on another?

Sorry if this is a newbie question. I have been searching and can't seem to figure this out.
I am trying to move a PHP webapp from Plesk, to RunCloud. Both are hosted on a Digital Ocean server.
I exported the database from Plesk, and imported it into RunCloud. After updating the config, it only partially works. Some of the tasks read data, a few seem to write, but a majority just break it.
The strange thing is, if I point the config file to the Plesk server, the app works great using it as a remote database.
Here is from the PHPMyAdmin. The only thing that looks fishy is UNIX, vs TCP. But I cannot find a way to change RunCloud to UNIX.
I would copy the errors, but they are across the board. Any ideas? Thank you so much!
PHPMyAdmin Plesk Server:
Server: Localhost via UNIX socket
Server type: MariaDB
Server connection: SSL is not being used Documentation
Server version: 10.1.48-MariaDB-0ubuntu0.18.04.1 - Ubuntu 18.04
Protocol version: 10
User: prod@localhost
Server charset: UTF-8 Unicode (utf8mb4)
From RunCloud Server:
Server: 127.0.0.1 via TCP/IP
Server type: MariaDB
Server connection: SSL is not being used Documentation
Server version: 10.4.21-MariaDB-1:10.4.21+maria~focal-log - mariadb.org binary distribution
Protocol version: 10
User: prod@localhost
Server charset: UTF-8 Unicode (utf8)
As a newbie, I learned that 10.1 and 10.4 were rather different. I then went through each error to see if I could find the change on the MariaDB update guide (which is great). Somehow, I came across this post: error code 1292 incorrect date value mysql. It was the zero date. I just added the line in my.cnf that it suggested. Fixed!!!

Kong LoadBalancer over Kubesphere

I installed Kong (Kong proxy + Kong ingress controller) on a Kubernetes/KubeSphere cluster with an Istio mesh inside, and I added the annotations and ingress types needed. I am able to access only the Kong proxy at the node's exposed IP and port, but I am unable to add rules, access the Admin GUI, or do any kind of configuration. For every request I make to my Kong endpoint, like
curl -i -X GET http://10.233.124.79:8000/rules
or any kind of request to the proxy, I get the same response of:
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Content-Length: 48
X-Kong-Response-Latency: 0
Server: kong/2.2.0
{"message":"no Route matched with those values"}
I am not able to invoke the Admin API; its pod container is only listening on 127.0.0.1. My environment variables for the kong-proxy pod:
KONG_PROXY_LISTEN: 0.0.0.0:8000, 0.0.0.0:8443 ssl http2
KONG_PORT_MAPS: 80:8000, 443:8443
KONG_ADMIN_LISTEN: 127.0.0.1:8444 ssl
KONG_STATUS_LISTEN: 0.0.0.0:8100
KONG_DATABASE: off
KONG_NGINX_WORKER_PROCESSES: 2
KONG_ADMIN_ACCESS_LOG: /dev/stdout
KONG_ADMIN_ERROR_LOG: /dev/stderr
KONG_PROXY_ERROR_LOG: /dev/stderr
And the environment variables for the ingress controller:
CONTROLLER_KONG_ADMIN_URL: https://127.0.0.1:8444
CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY: true
CONTROLLER_PUBLISH_SERVICE: kong/kong-proxy
So how can I expose the Admin GUI over the mesh over the NodePort, and how can I invoke the Admin API to add rules, etc.?
Yes, first you should add rules.
You can directly add routers in KubeSphere. See the documentation for more info.

How to access docker container from another machine on local network

I'm using Docker for Windows (I am not using Docker Toolbox, which uses a VM), but I cannot see my container from another machine on the local network. On my host everything is perfect and runs well; however, I want other people to be able to use my container.
Although I posted the same question in Docker's forum, no answer was given there. I have also been searching here, but the solutions I found are about setting up the bridge option in the virtual machine, and as I said before, I am using Docker for Windows, which does not use a virtual machine.
Docker version Command
Client:
Version: 1.12.0
API version: 1.24
Go version: go1.6.3
Git commit: 8eab29e
Built: Thu Jul 28 21:15:28 2016
OS/Arch: windows/amd64
Server:
Version: 1.12.0
API version: 1.24
Go version: go1.6.3
Git commit: 8eab29e
Built: Thu Jul 28 21:15:28 2016
OS/Arch: linux/amd64
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
789d7bf48025 gogs/gogs "docker/start.sh /bin" 5 days ago Up 42 minutes 0.0.0.0:10022->22/tcp, 0.0.0.0:5656->3000/tcp gogs
7fa7978996b8 mysql:5.7.14 "docker-entrypoint.sh" 5 days ago Up 56 minutes 0.0.0.0:8989->3306/tcp mysql
The container I want to use is gogs, which is running on port 5656.
When I use localhost:5656 and 127.0.0.1:5656 they work properly, but when I use my local network IP (192.168.0.127) from another machine the container is unreachable.
Thanks in advance.
Solution:
When I installed Docker for Windows, it created a network called vEthernet (DockerNAT) (usually with the IP 10.0.75.1).
My local machine had a network called Local Area Connection with the IP 192.168.0.172 (this is the IP I was trying to access from other PCs).
So my local machine had two network connections. I went to Control Panel > Network and Sharing Center > Change Adapter Settings, selected the two networks, right-clicked and selected Add to Bridge. That created a third network called Ethernet.
At this point I didn't know the IP of the Ethernet network, so I ran the ipconfig command, which showed me the IP 192.168.0.17 (the settings of Local Area Connection and vEthernet (DockerNAT) disappeared, and the IPs 10.0.75.1 and 192.168.0.172 stopped working).
With this new IP (192.168.0.17) I tried from another machine on the network and could finally access the container (192.168.0.17:5656).
In Hyper-V settings, putting the "Docker NAT" network in "external" mode worked for me. (I can access my container on my local network with my host's IP.)

How to find where a DNS name is expected to resolve?

Is it possible to check which DNS server is used for resolving a domain name (in an intranet network)? We have many steps: proxy, BigIP, domain controllers, etc.
I have a complicated network with many DNS servers. Sometimes when I use this in the browser:
http://mysitedomainalias.mydomain.com
I receive the web page;
sometimes, after nearly 15 minutes, I receive a timeout error.
But when I use the IP address instead of the domain alias I always reach my web page.
So I have decided that it could be a problem with a DNS server. I would like to know a common way to resolve similar problems.
On *NIX systems, dig is a standard tool to test and debug DNS servers:
deceze$ dig google.com
...
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 5 IN A 173.194.35.168
google.com. 5 IN A 173.194.35.161
google.com. 5 IN A 173.194.35.169
...
;; Query time: 84 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Mon Jul 14 15:59:05 2014
;; MSG SIZE rcvd: 204
In the last part, SERVER signifies which DNS server answered our request.
Some more things you can then do with dig:
query a specific DNS server instead of the system's default:
$ dig @mydns.example.com google.com
trace each step of the resolution chain to see any problems in the canonical name servers:
$ dig google.com +trace
query specific record types:
$ dig google.com NS
$ dig google.com MX
$ dig google.com ANY
See the manual: http://linux.die.net/man/1/dig
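With several internal resolvers in play, the `SERVER` line and the response status from `dig @server name` runs can be compared mechanically to find the resolver that fails or answers differently. The following is an added example, not code from the answer above; the two dig outputs are constructed, and `parse_dig` and `suspect_servers` are hypothetical names.

```python
import re

# Constructed dig outputs (not from the original post): the same name asked of
# two internal resolvers with "dig @server name".
DIG_A = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; QUESTION SECTION:
;mysitedomainalias.mydomain.com. IN A

;; ANSWER SECTION:
mysitedomainalias.mydomain.com. 300 IN CNAME web01.mydomain.com.
web01.mydomain.com. 300 IN A 10.0.0.15

;; Query time: 3 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
"""
DIG_B = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4243
;; QUESTION SECTION:
;mysitedomainalias.mydomain.com. IN A

;; Query time: 4998 msec
;; SERVER: 10.0.0.3#53(10.0.0.3)
"""

def parse_dig(text):
    """Extract the answering server, response status and answer records."""
    out = {"server": None, "status": None, "answers": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            section = None                      # a blank line ends a section
        elif m := re.match(r";; ->>HEADER<<-.*status: (\w+)", line):
            out["status"] = m.group(1)
        elif m := re.match(r";; SERVER: ([^#\s]+)#\d+", line):
            out["server"] = m.group(1)
        elif line.startswith(";;") and line.endswith("SECTION:"):
            section = line[3:].split()[0]       # QUESTION, ANSWER, AUTHORITY, ...
        elif section == "ANSWER" and not line.startswith(";"):
            _name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            out["answers"].append((rtype, rdata))
    return out

def suspect_servers(outputs):
    """Servers that errored, or whose answers differ from the first clean reply."""
    parsed = [parse_dig(o) for o in outputs]
    clean = [p for p in parsed if p["status"] == "NOERROR" and p["answers"]]
    reference = sorted(clean[0]["answers"]) if clean else None
    return [p["server"] for p in parsed
            if p["status"] != "NOERROR" or sorted(p["answers"]) != reference]
```

The first clean reply is used as the reference only by assumption; when resolvers disagree, which one is authoritative still has to be decided by whoever owns the zone.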

Can't connect to Wordpress SVN server to update repository

Okay, for some reason this morning, I am unable to connect to the Wordpress SVN repository and execute basic svn commands (e.g. checkout, update).
Here's an example of what's happening:
$ svn co http://svn.automattic.com/wordpress/tags/3.3/
# Adds a bunch of files...
svn: warning: Error handling externals definition for '3.3/wp-content/plugins/akismet':
svn: warning: PROPFIND of '/!svn/vcc/default': could not connect to server (http://plugins.svn.wordpress.org)
Checked out revision 19597.
$ cd 3.3
$ svn update
svn: OPTIONS of 'http://svn.automattic.com/wordpress/tags/3.3': could not connect to server (http://svn.automattic.com)
Yet, when I perform these same commands on a development server I have (a Linode VPS) it works fine.
I've googled around about this quite a bit, and found pages like these:
http://vsingleton.blogspot.com/2008/04/svn-propfind-request-failed-on.html
http://wordpress.org/support/topic/cant-connect-to-the-pluginssvnwordpress-server
A lot of these articles say something to the effect of, it's your proxy server. Well, I'm not behind a proxy server:
http://whatismyipaddress.com/proxy-check
Proxy server not detected.
IP 24.21.xxxx.xxx
rDNS FALSE
WIMIA Test FALSE
TOR Test FALSE
Loc Test FALSE
Header Test FALSE
DNSBL Test FALSE
Just a regular old Comcast home internet connection.
Also, I can browse the wordpress SVN repository just fine via my browser.
Anyhow, I'm sort of at a dead end here, and I guess I'm wondering if anyone has any suggestions as to how to either solve the issue or work around it? I tried setting up a forward proxy server on the Apache installation I have running on that dev server and then updating my ~/.subversion/server file, but that didn't work or I configured something wrong.
Well, if anyone has any brilliant ideas or explanations, I'd love to hear them...
Update
I had a co-worker test this out on his home connection -- he uses Comcast as well. He got the same error as I did. So it appears to be some Comcast-related issue specific to the Wordpress svn repository. I was able to checkout other public repositories via http (e.g. from Google Code) just fine.
I ran a series of tests and I could not find any hidden proxies or cache servers between me and the repository.
I did run traceroute per Lazy Badger's suggestion, and here's what I got:
$ traceroute svn.automattic.com
traceroute to svn.automattic.com (72.233.56.196), 64 hops max, 52 byte packets
1 192.168.1.1 (192.168.1.1) 0.659 ms 0.292 ms 0.185 ms
2 * * *
3 te-5-7-ur01.hollywood.or.bverton.comcast.net (68.85.150.225) 8.792 ms 8.309 ms 9.054 ms
4 xe-3-1-0-0-ar03.beaverton.or.bverton.comcast.net (68.87.216.33) 14.354 ms 24.859 ms 8.753 ms
5 pos-3-8-0-0-cr01.sacramento.ca.ibone.comcast.net (68.86.95.117) 21.869 ms
pos-3-1-0-0-cr01.sacramento.ca.ibone.comcast.net (68.86.95.113) 21.791 ms
pos-3-0-0-0-cr01.sacramento.ca.ibone.comcast.net (68.86.95.109) 22.983 ms
6 pos-0-7-0-0-cr01.sanjose.ca.ibone.comcast.net (68.86.85.46) 23.682 ms 25.043 ms 24.675 ms
7 xe-10-3-0.edge1.sanjose1.level3.net (4.71.118.5) 61.048 ms 23.986 ms 24.221 ms
8 vlan80.csw3.sanjose1.level3.net (4.69.152.190) 25.257 ms 25.648 ms
vlan90.csw4.sanjose1.level3.net (4.69.152.254) 24.310 ms
9 ae-82-82.ebr2.sanjose1.level3.net (4.69.153.25) 24.870 ms
ae-92-92.ebr2.sanjose1.level3.net (4.69.153.29) 25.371 ms
ae-91-91.ebr1.sanjose1.level3.net (4.69.153.13) 24.744 ms
10 ae-34-34.ebr4.sanjose1.level3.net (4.69.153.34) 36.011 ms 25.975 ms 36.053 ms
11 ae-5-5.ebr2.sanjose5.level3.net (4.69.148.141) 25.236 ms 25.307 ms 25.305 ms
12 ae-6-6.ebr2.losangeles1.level3.net (4.69.148.201) 31.299 ms 34.076 ms 33.401 ms
13 ae-3-3.ebr3.dallas1.level3.net (4.69.132.78) 59.012 ms 58.604 ms 60.576 ms
14 ae-83-83.csw3.dallas1.level3.net (4.69.151.157) 59.708 ms 65.724 ms
ae-73-73.csw2.dallas1.level3.net (4.69.151.145) 60.383 ms
15 ae-42-90.car2.dallas1.level3.net (4.69.145.196) 60.636 ms
ae-22-70.car2.dallas1.level3.net (4.69.145.68) 59.572 ms 59.758 ms
16 databank-ho.car2.dallas1.level3.net (4.71.170.2) 58.711 ms 59.994 ms 60.561 ms
I don't know if that's unusual or anything. I tried the same on my dev server and the result looked mostly similar, save for line 2 with the * * *.
I successfully configured a forward proxy on my dev server so I've hacked together a solution for now, but I still don't quite understand what is afoot...
Update 2
In response to a question, here's how I configured things to use my dev server as a proxy for the time being.
First, I configured apache on my dev server to run as a proxy. Make sure these directives are somewhere in your Apache configuration file chain (httpd.conf, vhosts.d directory, etc.):
Listen 8080
<VirtualHost _default_:8080>
ProxyRequests On
ProxyVia On
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx
</Proxy>
</VirtualHost>
This assumes you have a working Apache set up on a development server somewhere (I would definitely not use this on a production server) with mod_proxy installed. Port 8080 is arbitrary. Basically for an unmatched virtual host (i.e. any request that doesn't match your other hosts you have set up) it will turn proxy on and proxy the request through. Change "xxx.xxx.xxx.xxx" to your own IP address.
Now you have to change the server setting in your subversion config file.
In this file:
~/.subversion/servers
Find this section:
[global]
# http-proxy-exceptions = *.exception.com, www.internal-site.org
# http-proxy-host = proxy1.some-domain-name.com
# http-proxy-port = 80
# http-proxy-username = defaultusername
# http-proxy-password = defaultpassword
# http-compression = no
# http-auth-types = basic;digest;negotiate
# No http-timeout, so just use the builtin default.
# No neon-debug-mask, so neon debugging is disabled.
# ssl-authority-files = /path/to/CAcert.pem;/path/to/CAcert2.pem
Uncomment out http-proxy-host and http-proxy-port. For host use a spare domain name you have mapped to your development server or presumably you could just use your server IP. Then set the port to 8080 or whatever you used.
This should route all subversion http requests via your proxy you just set up. It doesn't affect svn or svn+ssh requests.
This was my quick hack, your mileage may vary, this might be totally insecure or broken, etc.
I have Comcast business both at my home office & the corporate office.
BOTH FAIL TO CONNECT TO THE REPO ON COMCAST.
However, I never have a problem if I go over the Windstream T1 or connect via our live server on multiple backbones.
Comcast appears to be "traffic shaping" and/or monitoring business class traffic and breaking the Internet!
Nice job Comcast!
If you don't have an alternate connection then you may need to use a proxy service and then send Comcast a nasty email about their network filtering.
