Apache Varnish ssl

You want to use apache with varnish and ssl. Let´s start.


First install Varnish 6

Please Look here for install Varnish on Ubuntu/Debian

https://packagecloud.io/varnishcache/varnish41/install#manual-deb

replace trusty with bionic

root@remote:~# cat /etc/apt/sources.list.d/varnishcache_varnish60.list
deb https://packagecloud.io/varnishcache/varnish60/ubuntu/ bionic main
deb-src https://packagecloud.io/varnishcache/varnish60/ubuntu/ bionic main

 

Install Varnish 6

apt-get install varnish

2018-10-05 09_39_15-root@remote - byobu

 

 

start and enable Varnish as service

sudo systemctl start varnish.service

sudo systemctl enable varnish.service

2018-10-05 09_40_55-root@remote - byobu

Attention look here for more information about Varnish and Systemd

https://docs.varnish-software.com/tutorials/configuring-systemd-services/

Next Step we configure Varnish

 

systemctl edit varnish.service

 

Insert following, feel free do adjust your memory settings

[Service]
ExecStart=
ExecStart=/usr/sbin/varnishd -a :6081 -f /etc/varnish/default.vcl -s malloc,256m -p first_byte_timeout=600

2018-10-05 09_52_54-root@remote - byobu

we create a full replacement of varnish.service

systemctl edit --full varnish.service

Make your changes and save the file. After saving we reloading the systemd config

systemctl daemon-reload

 

You can also adjust /etc/varnish/default.vcl for Browser caching or anything else
https://konkretor.com/2017/05/29/leverage-browser-caching-with-varnish/

 

That´s it for install and adjust Varnish

Install Apache with SSL

apt-get install apache2

 

We create a redirect from http to https

vim /etc/apache2/sites-available/redirect.conf

 

<Virtualhost vhost.example.com>
ServerName vhost.example.com
DocumentRoot /var/www/html
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
</Virtualhost>

 

We create a new vhost file with rondtrip.conf, we running the static site with port 8080

vim /etc/apache2/sites-available/roundtrip.conf

 

<VirtualHost *:8080>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

 

We create a new vhost file for ssl

vim /etc/apache2/sites-available/ssl.conf

 

<VirtualHost *:443>
DocumentRoot /var/www/
SSLEngine on
SSLCertificateKeyFile /etc/ssl/private/sslcert.key
SSLCertificateFile /etc/ssl/private/sslcert.crt
# SSLCertificateChainFile /eDigiCertCA.crt
</VirtualHost>

 

we delete the default site, we don´t need it

rm /etc/apache2/sites-enabled/000-default.conf

 

We are enable the apache config

a2ensite redirect.conf
a2ensite ssl.conf
a2ensite roundtrip.conf

We are enable port 8080

vim /etc/apache2/ports.conf

add

Listen 8080

Enable some modules that we need

a2enmod proxy
a2enmod proxy_http
a2enmod headers

Check your Apache Config

apachectl configtest

Restart your Apache

systemctl restart apache

 

That´s it!

forcing oft mime type file to download

Apache is sometimes nice and sometimes ugly. Show me the ugly Apache 🙂

I have a webserver with Apache and some files doc, pdf and “oft” outlook template file.
Internet Explorer open “oft” directly without prompting and show the source code of the file.

add to your apache2.conf file following

AddType application/octet-stream .oft oft

Check your apache conf file that is allowed to use htaccess file

Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all

we need two mods, rewrite and headers, very often rewrite is enable, headers not so often. When you not have enable headers you will get a 500 server error from Apache.

enable headers with

a2enmod headers

apachectl restart

 

place your .htaccess file in your www data folder /var/www/

You need following content, this works with all other extension that you will be force to download

<FilesMatch “\.(.oft|OFT)$”>
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>

 

That´s it