Category Archives: CentOS

How to install Varnish with CPanel and CentOS to cache static content on serve

There are few things you need to do to install Varnish with Cpanel (WHM):

  1. Let Apache listen on port 8080 – you can do it by editing httpd.conf or directly in WHM: Tweak Settings menu -> set value of field Apache non-SSL IP/portto 8080 and Save settings
  1. install Varnish on your server:

Execute commands:

#install varnish repository

rpm -Uvh http://repo.varnish-cache.org/redhat/varnish-3.0/el6/noarch/varnish-release/varnish-release-3.0-1.el6.noarch.rpm

#yum installation of Varnish

yum install varnish

  1. Edit configuration of Varnish /etc/sysconfig/varnish and change value of VARNISH_LISTEN_PORT to 80

VARNISH_LISTEN_PORT=80

  1. Edit Varnish Config: /etc/varnish/default.vcl

Use following content (don’t forget to set correct IP address):

backend default {

  .host = “50.28.31.120”;

  .port = “8080”;

}

sub vcl_recv {

 if (req.url ~ “\.(png|gif|jpg|swf|css|js)$”) {

    return(lookup);

 }

}

# strip the cookie before the image is inserted into cache.

sub vcl_fetch {

 if (req.url ~ “\.(png|gif|jpg|swf|css|js)$”) {

   unset beresp.http.set-cookie;

 }

}

  1. Now start Varnish service on your server:

chkconfig varnish on

service varnish start

  1. Now you are all set.

Now you can monitor your varnish cache e.g. with commandline tool: varnishstat

if you want to make changes to your varnish configuration, test your configuration changes before restarting varnish with following command:

varnishd -C -f /etc/varnish/default.vcl

Basic Server Setup

No matter how new your server or vps is, it is outdated and running old software.  While I am not the best, nor do I know everything this is a base of what I do when I get a new box online.

Again assuming you can SSH into the box.

yum -y install nano
yum -y install yum-priorities
wget http://apt.sw.be/redhat/el5/en/i386/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm –import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
rpm -K rpmforge-release-0.3.6-1.el5.rf.*.rpm
rpm -i rpmforge-release-0.3.6-1.el5.rf.*.rpm
wget http://dag.linux.iastate.edu/dag/RPM-GPG-KEY.dag.txt
rpm –import RPM-GPG-KEY.dag.txt

nano /etc/yum.repos.d/dag.repo

[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://dag.linux.iastate.edu/dag/redhat/el5/en/$basearch/dag
gpgcheck=1
enabled=1

Save and Exit

yum -y install perl-libwww-perl
yum -y update

chkconfig cups off
chkconfig pcmcia off
chkconfig kudzu off
chkconfig isdn off
chkconfig xfs off
chkconfig atd off
chkconfig nfslock off
chkconfig canna off
chkconfig FreeWnn off
chkconfig cups-config-daemon off
chkconfig iiim off
chkconfig mDNSResponder off
chkconfig nifd off
chkconfig rpcidmapd off
chkconfig bluetooth off
chkconfig anacron off
chkconfig gpm off
chkconfig saslauthd off
chkconfig avahi-daemon off
chkconfig avahi-dnsconfd off
chkconfig hidd off
chkconfig pcscd off
chkconfig sbadm off
chkconfig ossec off
chkconfig acpid off
chkconfig dhcpd off
chkconfig firstboot off

mkdir /root/source
cd /root/source
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

nano /etc/csf/csf.conf

Change TESTING=”1″ to TESTING=”0″
AUTO_UPDATES=”0″ to AUTO_UPDATES=”1″

TCP_IN = “20,21,22,25,26,37,43,53,80,106,110,113,143,443,465,587,873,990,993,995,1129,2077,2078,2082,2083,2086,2087,2095,2096,3306,5224,5432,7777,7778,8443,8880,8888,8889,9080,10000,30000:35000”
TCP_OUT = “20,21,22,25,26,37,43,53,80,106,110,113,143,443,465,587,873,990,993,995,1129,2077,2078,2082,2083,2086,2087,2095,2096,3306,5224,5432,7777,7778,8443,8880,8888,8889,9080,10000”
UDP_IN = “20,21,53,953”
UDP_OUT = “20,21,53,113,123,953,33434:33523”

service csf restart
service lfd restart

reboot

. Add Passive Port range 30000-350000 to your Pureftp or Proftp configuration file
(i) Pureftpd
open /etc/pure-ftpd.conf, and this line
PassivePortRange    30000 35000
(ii) ProFTP
Open /etc/proftpd.conf, and add this line
PassivePorts    30000 35000

Now there are many other things you can do, root kit hunters and log rotators and more. However depending on your needs this alone will get you off to a good start.