@avanheuvelen
Last active August 29, 2015 14:11
Varnishncsa 3.0 init script with support for logging the forward proxy IP.

Introduction

This modified varnishncsa init script adds support for properly logging an X-Forwarded-For IP address. The original script is taken from an Ubuntu 14.04.01 machine with Varnish 3.0.5-2.

These are the changes in patch format:

--- /proc/self/fd/11    2014-12-22 17:40:12.102969345 +0100
+++ /proc/self/fd/13    2014-12-22 17:40:12.102969345 +0100
@@ -20,7 +20,8 @@
 PIDFILE=/var/run/$NAME/$NAME.pid
 LOGFILE=/var/log/varnish/varnishncsa.log
 USER=varnishlog
-DAEMON_OPTS="-a -w ${LOGFILE} -D -P ${PIDFILE}"
+LOGFORMAT="%{VCL_Log:RealIP}x %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\""
+DAEMON_OPTS="-a -w ${LOGFILE} -D -P ${PIDFILE} -F"
 
 # Include defaults if available
 if [ -f /etc/default/$NAME ] ; then
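
Review bot: LOGFORMAT starts with `%{VCL_Log:RealIP}x` as an unquoted field and contains no `%h`. When RealIP carries an X-Forwarded-For header, the value comes from the request and can hold commas and spaces, so whitespace-based log parsers will misalign the fields that follow, and the address that actually connected to Varnish is not recorded anywhere in the line. Consider keeping `%h` as the first field and adding the header as a quoted field, `\"%{VCL_Log:RealIP}x\"`, next to the Referer and User-agent fields.
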
@@ -41,7 +42,7 @@
     log_daemon_msg "Starting $DESC" "$NAME"
     create_pid_directory
     if start-stop-daemon --start --quiet --pidfile ${PIDFILE} \
-        --chuid $USER --exec ${DAEMON} -- ${DAEMON_OPTS} \
+        --chuid $USER --exec ${DAEMON} -- ${DAEMON_OPTS} "${LOGFORMAT}" \
         > ${output} 2>&1; then
        log_end_msg 0
     else
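
Review bot: on the changed `--exec` line, `"${LOGFORMAT}"` is passed as a bare argument after `${DAEMON_OPTS}`, so it is only read as the format while DAEMON_OPTS ends in `-F`. The defaults file sourced right after DAEMON_OPTS is set can replace that variable, and a value without the trailing `-F` leaves the format string as a stray argument. Passing the pair together at the call site, `-- ${DAEMON_OPTS} -F "${LOGFORMAT}"`, and leaving `-F` out of DAEMON_OPTS removes that coupling.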

Installing

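To make this work, you need the following in your Varnish config (VCL):

    # std.log() comes from the std vmod; this import goes at the top of the VCL file.
    import std;

    # Assumed placement: inside sub vcl_recv.
    if (req.http.X-Forwarded-For) {
        std.log("RealIP:" + req.http.X-Forwarded-For);
    } else {
        std.log("RealIP:" + client.ip);
    }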
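
An added example (not part of the original gist): a Python parser for lines written in the LOGFORMAT from the patch. Because the first field is the raw X-Forwarded-For header, it can hold several comma-separated hops, some of them supplied by the client; the parser picks the rightmost address that is not one of your own proxies and flags hops that are not IP addresses. The `TRUSTED_PROXIES` networks and the sample lines are constructed, and it assumes a proxy you control sits in front of Varnish and appends the connecting address to the header.

```python
import ipaddress
import re

# Assumption: networks of the proxies you run in front of Varnish (constructed).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]

# Field 1 is %{VCL_Log:RealIP}x: the raw X-Forwarded-For value (possibly several
# comma-separated hops) or client.ip. It is unquoted and may contain spaces, so
# anchor on the "%l %u [%t]" fields after it instead of splitting on whitespace.
LINE_RE = re.compile(r'^(?P<realip>.*?) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] ')


def client_from_realip(field):
    """Return (client, suspicious): the rightmost hop that is not one of our
    proxies, and whether any hop failed to parse as an IP address."""
    hops, suspicious = [], False
    for token in field.split(","):
        try:
            hops.append(ipaddress.ip_address(token.strip()))
        except ValueError:
            hops.append(None)
            suspicious = True
    # Walk right to left: only entries appended by our own proxies are reliable;
    # everything left of the first untrusted hop came from the client.
    for hop in reversed(hops):
        if hop is None:
            return None, True
        if not any(hop in net for net in TRUSTED_PROXIES):
            return str(hop), suspicious
    return str(hops[0]), suspicious  # every hop was one of our proxies


def parse_line(line):
    m = LINE_RE.match(line)
    if m is None:
        return None
    client, suspicious = client_from_realip(m.group("realip"))
    return {"client": client, "suspicious": suspicious, "time": m.group("time")}


SAMPLE = [  # constructed log lines in the LOGFORMAT from the patch
    '198.51.100.23 - - [22/Dec/2014:17:40:12 +0100] "GET / HTTP/1.1" 200 512 "-" "curl/7.35.0"',
    '203.0.113.9, 198.51.100.23, 10.0.0.5 - - [22/Dec/2014:17:40:13 +0100] "GET /a HTTP/1.1" 200 90 "-" "curl/7.35.0"',
    'unknown, 198.51.100.23 - - [22/Dec/2014:17:40:14 +0100] "GET /b HTTP/1.1" 404 0 "-" "curl/7.35.0"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_line(line))
```
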

#! /bin/sh

### BEGIN INIT INFO
# Provides: varnishncsa
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start HTTP accelerator log daemon
# Description: This script provides logging for varnish
### END INIT INFO

# Source function library
. /lib/lsb/init-functions

NAME=varnishncsa
DESC="HTTP accelerator log daemon"
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/bin/$NAME
PIDFILE=/var/run/$NAME/$NAME.pid
LOGFILE=/var/log/varnish/varnishncsa.log
USER=varnishlog
LOGFORMAT="%{VCL_Log:RealIP}x %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\""
DAEMON_OPTS="-a -w ${LOGFILE} -D -P ${PIDFILE} -F"

# Include defaults if available
if [ -f /etc/default/$NAME ] ; then
    . /etc/default/$NAME
fi

# If unset, or set to "0" or "no", exit
if [ -z "${VARNISHNCSA_ENABLED}" ] || \
   [ "${VARNISHNCSA_ENABLED}" = "0" ] || \
   [ "${VARNISHNCSA_ENABLED}" = "no" ]; then
    exit 0;
fi

test -x $DAEMON || exit 0

start_varnishncsa() {
    output=$(/bin/tempfile -s.varnish)
    log_daemon_msg "Starting $DESC" "$NAME"
    create_pid_directory
    if start-stop-daemon --start --quiet --pidfile ${PIDFILE} \
        --chuid $USER --exec ${DAEMON} -- ${DAEMON_OPTS} "${LOGFORMAT}" \
        > ${output} 2>&1; then
        log_end_msg 0
    else
        log_end_msg 1
        cat $output
        exit 1
    fi
    rm $output
}

stop_varnishncsa(){
    log_daemon_msg "Stopping $DESC" "$NAME"
    if start-stop-daemon --stop --quiet --pidfile $PIDFILE \
        --retry 10 --exec $DAEMON; then
        log_end_msg 0
    else
        log_end_msg 1
    fi
}

reload_varnishncsa(){
    log_daemon_msg "Reloading $DESC" "$NAME"
    if kill -HUP $(cat $PIDFILE) >/dev/null 2>&1; then
        log_end_msg 0
    else
        log_end_msg 1
        exit 1
    fi
}

status_varnishncsa(){
    status_of_proc -p "${PIDFILE}" "${DAEMON}" "${NAME}"
    exit $?
}

create_pid_directory() {
    install -o $USER -g $USER -d $(dirname $PIDFILE)
}

case "$1" in
    start)
        start_varnishncsa
        ;;
    stop)
        stop_varnishncsa
        ;;
    reload)
        reload_varnishncsa
        ;;
    status)
        status_varnishncsa
        ;;
    restart|force-reload)
        $0 stop
        $0 start
        ;;
    *)
        log_success_msg "Usage: $0 {start|stop|restart|force-reload|reload|status}"
        exit 1
        ;;
esac

exit 0