Recent comments

  • Reply to: Why Pound is awesome in front of Varnish   5 years 2 weeks ago

    Oh interesting! I never knew Varnish could listen on many. That itself brings even more flexibility to the table; perhaps I'll throw Varnish in front of some more services! The method described on the other blog seems to get round using a different hash key by using ports instead; many ways to skin a cat!

    If all requests come in via HTTPS then there'll be no issues with HTTP resources leaking in (unless specifically stated in the markup of the site). Resources and internal links created with relative links or without schema (//example.com) should be served by default with the same schema that the site is accessed by.

  • Reply to: Why Pound is awesome in front of Varnish   5 years 2 weeks ago

    Yes, updating Varnish takes *me* too long. More skilled people will get there quicker! Still, it was annoying having to change VCL from Varnish 2 - 2.1 - 3.0 - 4.0 (not that I need 4 but you get it anyway if relying on apt-get, unless you make a point of asking for 3.0).

    I guess if I redirect all traffic to https, there is no risk of mixed http and https in static resources?

    Getting Varnish listening on two ports: "DAEMON_OPTS="-a :9080,:9443 \" (thanks to http://blog.ajnicholls.com/varnish-apache-and-https/ for that).

    In case others are scratching their heads over updating the VCL snippet in the article I linked for Varnish 4.0, here it is.
    Varnish 3 version:
    sub vcl_recv {
        # Set the director to cycle between web servers.
        if (server.port == 9443) {
            set req.backend = default_ssl;
    ....

    Varnish 4 version:
    # add to header
    import std;
    # no change needed to setting up a backend default_ssl

    sub vcl_recv {
        # change syntax as follows
        if (std.port(server.ip) == 9443) {
            set req.backend_hint = default_ssl;
        }
    }

  • Reply to: Why Pound is awesome in front of Varnish   5 years 2 weeks ago

    Using vcl_hash stores the HTTP traffic and the HTTPS traffic with separate cache hashes. If the same hash key is used, then a request to http://example.com will be equivalent to one for https://example.com.

    This is undesirable if a user expects an SSL page and then receives static assets from a non-SSL source. Usually browsers prohibit this and pages can look unstyled or be missing media assets.

    Altering the hash key generated within vcl_hash (which gets called anyway after vcl_recv) allows us to keep SSL and non-SSL apart even with mixed mode traffic.
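
The cache-key separation described in the comment above, as an added example (not code from the commenters or the linked articles): Varnish 4 VCL that mixes the X-Forwarded-Proto header set by Pound into the hash, and drops that header when the request did not arrive from the TLS terminator, so a client cannot choose which cache variant it is served. The ACL name, the 127.0.0.1 address and the backend port are assumptions.

```vcl
vcl 4.0;

# Assumed backend: the web server on the same host, port 8080.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Assumed address of the TLS terminator (Pound running on the same host).
acl tls_terminator {
    "127.0.0.1";
}

sub vcl_recv {
    # Only the terminator may assert the scheme. A client talking to
    # Varnish directly could otherwise send "X-Forwarded-Proto: https"
    # and have plain-HTTP responses stored under the HTTPS cache key.
    if (client.ip !~ tls_terminator) {
        unset req.http.X-Forwarded-Proto;
    }
}

sub vcl_hash {
    # Add the scheme to the key so http:// and https:// objects
    # are cached separately.
    if (req.http.X-Forwarded-Proto) {
        hash_data(req.http.X-Forwarded-Proto);
    }
    # No return here: the built-in vcl_hash runs next and adds
    # req.url and the Host header (or server IP) to the key.
}
```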

  • Reply to: Why Pound is awesome in front of Varnish   5 years 2 weeks ago

    I wouldn't say Varnish is in a state of flux. Varnish 3 has been around as a stable release for over three years now and I doubt it will be obsolete any time soon.

    Changing a .crt and .key into a .pem is just a case of concatenating the files (provided they're in pem format).

    I usually keep redirects in .htaccess and then add a conditional in my VCL to cache 301s for a bit to keep them from hitting the web.

    I've not actually heard of Varnish being able to distinguish the port a request is coming in on. Wouldn't that require it bind to more than just port 80 for mixed mode traffic? Most methods that pass data through Varnish will pipe it into port 80 anyway (the Pound method does just that in its backend declaration).

    I use nginx locally for development, and to keep myself in touch with the configs. One of the reasons I like Pound is that it's very limited in its scope. It does a couple of things and is overall pretty simple. If you're running a large hosting platform, like Acquia, then some of the additional features nginx provides will totally make the difference. For my limited purposes (and the limited memory on my tiny servers), Pound keeps it simple. 

  • Reply to: Why Pound is awesome in front of Varnish   5 years 2 weeks ago

    Thank you for sharing your tip. Today I use SSL with Apache mod_ssl, but I will migrate to Pound soon.

    I don't understand if it is really necessary to use vcl_hash. If I want to detect requests from Pound I can check the header from vcl_recv, right?

  • Reply to: Why Pound is awesome in front of Varnish   5 years 2 weeks ago

    I set up a Pound > Varnish > Apache setup a couple of days ago. It was kind of a pain, the constant flux in Varnish VCL (it just changed again in Varnish 4) being one problem, turning the SSL cert. into a .pem which Pound recognized being another, and setting up and debugging redirects (variously in Apache conf., in .htaccess, and in the .vcl) was a third.

    I followed a suggestion where Varnish tests for incoming port, rather than the "X-Forwarded-Proto: https", to identify HTTPS requests: do you think there is any reason to prefer one or the other?

    After getting the whole thing working, I started to think, 'what was all that about? nginx could have done it far more simply.' It is a pity no one seems to have done any benchmarks. Like you I happen to like Apache and Varnish, and am less keen on or familiar with nginx, but that is not a good enough reason to use an over-complex and possibly less efficient setup, with three pieces of software (where using Pound to detect https is pretty much a hack to deal with a Varnish shortcoming) instead of one piece of software.

  • Reply to: Wenatex: How I was invited to a free dinner   5 years 3 weeks ago

    Hi, Googled Wenatex and found your blurb and the others who DIDN'T respond to the invite. Thank you one and all. Much appreciated. I have better things to do with my time, and like so many, we are becoming more and more savvy about these unsolicited rorts.

  • Reply to: Wenatex: How I was invited to a free dinner   5 years 4 weeks ago

    Thank you! I have just googled (like you did) & come across your blog which explains everything I wanted to know! Seeing my husband and I are both hopeless at saying thanks but no thanks and are easily guilted into buying stuff we don't need nor really afford from salespeople, I shall file it under R for recycle. Thank you

  • Reply to: Wenatex: How I went to a free dinner   5 years 1 month ago

    Thank you for providing this insightful review about Wenatex Events. Wenatex has been calling me for the last 3 months to come to a seminar about sleep. I have researched the company but I still feel skeptical about the whole idea and I don't think I'm willing to give up my 4 hours only to fall asleep, and plus it's out of my budget. My invite was to the Salisbury North Football Club in Adelaide where the food looks like decent pub food. I think I will pass on the invite.

  • Reply to: Wenatex: How I went to a free dinner   5 years 1 month ago

    So, if it's being so (?) maybe a good nap should be had b4 everybody leaves these shows, then? LMBAOROTF
