OpenProxy is an open source HTTP proxy stack that combines Varnish Cache and Nginx.
Introduction
The main goal of the OpenProxy project is to create a high-performance open source HTTP and HTTPS proxy server for production environments.
If you don't want to run both services together, you can use the configuration for just one of them.
Varnish Cache
Before using Varnish Cache, please read the Introduction.
Varnish Cache is a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x, depending on your architecture.
To increase your knowledge, read the Varnish Documentation.
Varnish Cache with OpenProxy
The next step should be to read the Varnish Cache OpenProxy documentation.
Nginx
Before using Nginx, please read the Beginner’s Guide.
Nginx (/ˌɛndʒɪnˈɛks/ EN-jin-EKS) is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, originally written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VK, and Rambler.
To increase your knowledge, read the Nginx Documentation.
Nginx with OpenProxy
The next step should be to read the Nginx OpenProxy documentation.
Installation
Remember to make a copy of the current configuration and all files/directories.
It's very simple - full directory sync:
rsync -avur --delete lib/nginx/ /etc/nginx/
rsync -avur --delete lib/varnish-cache/ /etc/varnish/
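To leave your existing configuration files in place (not recommended), remove the --delete rsync parameter; with it, rsync deletes anything under /etc/nginx/ and /etc/varnish/ that is not in the source directories.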
Configuration
Initializing new domain
Varnish Cache
Add your domain definitions to default.vcl:
### BACKENDS DEFINITION
include "/etc/varnish/master/domains/your.domain/backends.vcl";
### DOMAINS DEFINITION
include "/etc/varnish/master/domains/your.domain/main.vcl";
Copy the example.com directory to your domain directory:
cd /etc/varnish/master/domains
cp -R example.com/ your.domain
and replace example.com with your domain name:
cd your.domain
sed -i 's/example\.com/your.domain/g' *
sed -i 's/example_com/your_domain/g' *
Remember to adjust the configuration to your needs.
Nginx
Add your domain definitions to domains.conf:
cd /etc/nginx/master/
cat >> domains.conf << __EOF__
# Configuration for your.domain domain.
include /etc/nginx/master/_domains/your.domain/servers.conf;
include /etc/nginx/master/_domains/your.domain/backends.conf;
__EOF__
cd _domains
cp -R example.com/ your.domain
and replace example.com with your domain name:
cd your.domain
sed -i 's/example\.com/your.domain/g' *
sed -i 's/example_com/your_domain/g' *
Remember to adjust the configuration to your needs.
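The copy-and-rename steps above for both Varnish Cache and Nginx, as one function (an added example, not part of OpenProxy; init_domain and make_demo_tree are hypothetical names, and GNU sed is assumed). The dot in example.com is escaped in the sed pattern because an unescaped `.` also matches the underscore in example_com, and the domain name is validated before it is used in a path or a sed expression:

```bash
#!/usr/bin/env bash
# Added example, not OpenProxy code.
# init_domain <domains_dir> <new_domain>
#   domains_dir: e.g. /etc/varnish/master/domains or /etc/nginx/master/_domains
init_domain() {
    local base="$1" domain="$2" ident file
    # Lowercase hostname characters only: safe as a path component and in sed.
    case $domain in
        ''|.*|*..*|*[!a-z0-9.-]*) echo "invalid domain: $domain" >&2; return 1 ;;
    esac
    if [ ! -d "$base/example.com" ]; then
        echo "missing skeleton: $base/example.com" >&2; return 1
    fi
    if [ -e "$base/$domain" ]; then
        echo "refusing to overwrite $base/$domain" >&2; return 1
    fi
    # Identifier form used by the skeleton: your.domain -> your_domain
    ident=$(printf '%s' "$domain" | tr '.-' '__')
    cp -R "$base/example.com" "$base/$domain" || return 1
    # Regular files only, at any depth. "\." keeps the first expression from
    # also rewriting example_com, which the second expression handles.
    find "$base/$domain" -type f | while IFS= read -r file; do
        sed -i -e "s/example\.com/$domain/g" -e "s/example_com/$ident/g" "$file" || exit 1
    done
}

# Constructed skeleton for a dry run outside /etc (not OpenProxy's real files).
make_demo_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/example.com"
    printf 'backend example_com { .host = "10.0.0.10"; }\n' \
        > "$root/example.com/backends.vcl"
    printf 'if (req.http.host == "example.com") { set req.backend_hint = example_com; }\n' \
        > "$root/example.com/main.vcl"
    printf '%s\n' "$root"
}
```

The include lines in default.vcl and domains.conf still have to be added as described above.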
Aliases
Import the aliases from lib/etc/skel/aliases into your shell init file and reload the shell session with exec $SHELL -l.
Error pages
For example:
cd /usr/share/www/
git clone https://github.com/trimstray/http-error-pages && cd http-error-pages
./httpgen
Before initializing services
- reload the systemd configuration:
systemctl daemon-reload
- adjust /etc/default/varnish
Maintenance
Varnish Cache
Show config params
varnishadm param.show
varnishadm param.show max_retries
Show boot configuration
varnishadm vcl.show boot
Compile new configuration
varnishadm vcl.load config_name /etc/varnish/default.vcl
Load new configuration
varnishadm vcl.use config_name
Show backend list
varnishadm backend.list
Drop objects from cache
varnishadm ban req.http.host == example.com
varnishadm ban "req.http.host == example.com && req.url ~ /backend.*"
Show backends health
varnishlog -g raw -i Backend_health
Show all requests (without filters)
varnishlog -g request
Show all requests and responses (raw format)
varnishlog -g raw
Show requests with specific Host header
varnishlog -g request -q "ReqHeader eq 'Host: example.com'" -i Begin,ReqMethod,ReqUrl,ReqHeader
Show requests with specific User-Agent header
varnishlog -g request -q "ReqHeader eq 'User-Agent: x-bypass'"
Show requests with HTTP 200 status
varnishlog -i BackendOpen,BereqURL -q "BerespStatus == 200"
Show requests with HTTP 503 status from backends
varnishlog -d -q 'RespStatus == 503' -g request
Show requests with Backend Fetch Error
varnishlog -b -q 'FetchError'
External resources
Varnish Cache
Base
🔸 Varnish HTTP Cache Project
🔸 Varnish Cache source code repository
🔸 Varnish Dashboard
🔸 Varnish 4.0 Template
🔸 Varnish 5.0 Template
🔸 Getting started with web app accelerator Varnish Cache
Cheatsheets
🔸 Varnish Regexp
🔸 VCL regular expression cheat sheet
🔸 5 Basic Tips to Using Regular Expressions in Varnish
🔸 Varnishlog: measure your Varnish cache performance
Performance & Hardening
🔸 Protect your websites with Varnish rules
🔸 Collection of Varnish Cache modules (vmods) by Varnish Software
Nginx
Base
🔸 Nginx Project
🔸 Nginx official read-only mirror
🔸 Nginx boilerplate configs
🔸 Awesome Nginx configuration template
🔸 Nginx static analyzer
🔸 A collection of resources covering Nginx and more
Cheatsheets
🔸 Nginx Cheatsheet
🔸 Nginx Quick Reference
🔸 Nginx Cheatsheet by Mijdert Stuij
Performance & Hardening
🔸 WAF for Nginx
🔸 ModSecurity for Nginx
🔸 How to Build a Tough NGINX Server in 15 Steps
🔸 Top 25 Nginx Web Server Best Security Practices
🔸 Strong SSL Security on Nginx
🔸 Nginx Tuning For Best Performance by Denji
🔸 Enable cross-origin resource sharing (CORS)
Comparison
🔸 BBC Digital Media Distribution: How we improved throughput by 4x
🔸 Web cache server performance benchmark: nuster vs nginx vs varnish vs squid
Performance Analyzers
🔸 ngxtop
Log Analyzers
🔸 GoAccess
🔸 Graylog
🔸 Logstash
Online tools
🔸 Online tool to learn, build, & test Regular Expressions
🔸 Online Regex Tester & Debugger
🔸 SSL Server Test
🔸 Strong ciphers for Apache, Nginx, Lighttpd and more
🔸 Analyse the HTTP response headers by Security Headers
🔸 Analyze your website by Mozilla Observatory
from https://github.com/fo0nikens/OpenProxy