
Varnish 4 Basic authentication

Posted 2020-06-18 06:57

Question:

I have to cache multiple backend servers. I switched from Nginx to Varnish and finally discovered that 2 servers need to run HTTP Basic Authentication. I tried this link http://blog.tenya.me/blog/2011/12/14/varnish-http-authentication and it did not work for me (they ran Varnish 3). Is there an easy way to configure Basic Authentication in Varnish 4?

Answer 1:

You can use the VMOD basicauth

Install the Varnish VMOD

First you need to install it. Download the source from the Git repo for basicauth. Extract into your homedir e.g. ~/vmod-basicauth/

You'll also need the Varnish source to build the VMOD.

In Debian/Ubuntu type

    apt-get source varnish

This will copy the source to your pwd.

Then do this to install it. Note that you need to change the paths according to your setup and version of Varnish.

    cd ~/vmod-basicauth
    ./configure VARNISHSRC=$HOME/varnish-4.0.2
    make
    sudo make install
    sudo make check

Update: It seems like the source has been removed from the Ubuntu and Debian package repos (most likely by accident).

Download the source directly from Git (v4.0.2)

Make Varnish

You'll have to "make" the downloaded source

    cd ~
    wget https://github.com/varnish/Varnish-Cache/archive/varnish-4.0.2.zip
    unzip varnish-4.0.2.zip
    cd Varnish-Cache-varnish-4.0.2
    sudo ./autogen.sh
    sudo ./configure --prefix=/usr
    sudo make

Note that you don't have to install the source, so don't "make-install" because that might mess up your current installation.

Build & install VMOD

    # Build from the directory the VMOD source was extracted into
    cd ~/vmod-basicauth
    ./configure VARNISHSRC=$HOME/Varnish-Cache-varnish-4.0.2
    make
    sudo make install
    sudo make check

It might be that you also have to specify your VMOD install directory if it can't be autodetected. If ./configure fails, try this:

    ./configure VARNISHSRC=$HOME/Varnish-Cache-varnish-4.0.2 VMODDIR=/usr/lib/varnish/vmods/

Some build dependencies

I often require a lot of different build dependencies, so I often install these when I set up a new Varnish server.

    sudo apt-get install git-core zlib1g-dev automake build-essential libtool libssl-dev libreadline-dev libyaml-dev libsqlite3-dev ncurses-dev sqlite3 libxml2-dev libxslt1-dev libpcre3-dev libcurl4-openssl-dev python-docutils python-software-properties libvarnishapi-dev

Configure Varnish to use the VMOD

It uses a .htpasswd file for authentication instead of storing the password directly in the VCL.

Make sure to change "/var/www/.htpasswd" to the path of your htpasswd file.

    # default.vcl
    import basicauth;

    sub vcl_recv {
        if (!basicauth.match("/var/www/.htpasswd", req.http.Authorization)) {
            return(synth(401, "Authentication required"));
        }
    }

    # Prompt the user for a password
    sub vcl_synth {
        if (resp.status == 401) {
            set resp.http.WWW-Authenticate = "Basic";
        }
    }


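Answer 2:

This also works:

    sub vcl_recv {
      # "Zm9vOmJhcg==" is the Base64 encoding of "foo:bar"
      if (! req.http.Authorization ~ "Basic Zm9vOmJhcg==") {
        return(synth(401, "Authentication required"));
      }
      # Do not forward the credentials to the backend
      unset req.http.Authorization;
    }

    sub vcl_synth {
      if (resp.status == 401) {
        set resp.status = 401;
        # Ask the client to send Basic credentials
        set resp.http.WWW-Authenticate = "Basic";
        return(deliver);
      }
    }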

src: http://blog.tenya.me/blog/2011/12/14/varnish-http-authentication/#comment-2882579903
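
The question's setup (several backends, only two of which need authentication) combined with the checks from the two answers above, as an added example that is not part of either answer. The host names, backend addresses, realm string and htpasswd path are assumptions.

```vcl
vcl 4.0;
import basicauth;

# Assumed backends: one public site and two that sit behind Basic auth.
backend public_site  { .host = "127.0.0.1"; .port = "8080"; }
backend admin_site   { .host = "127.0.0.1"; .port = "8081"; }
backend staging_site { .host = "127.0.0.1"; .port = "8082"; }

# Shared check, called only for the protected hosts.
sub require_auth {
    # Assumed htpasswd location; keep it outside any web root.
    if (!basicauth.match("/etc/varnish/htpasswd", req.http.Authorization)) {
        return (synth(401, "Authentication required"));
    }
    # The built-in vcl_recv passes (never caches) requests that carry an
    # Authorization header, and the backend does not need the credentials.
    # Removing the header after the check lets these requests use the cache.
    # Only do this when every authenticated user may see the same content.
    unset req.http.Authorization;
}

sub vcl_recv {
    # Route by Host header; the host names are placeholders.
    if (req.http.host ~ "(?i)^admin\.example\.com(:[0-9]+)?$") {
        set req.backend_hint = admin_site;
        call require_auth;
    } elseif (req.http.host ~ "(?i)^staging\.example\.com(:[0-9]+)?$") {
        set req.backend_hint = staging_site;
        call require_auth;
    } else {
        # Everything else stays public and is cached as before.
        set req.backend_hint = public_site;
    }
}

sub vcl_synth {
    if (resp.status == 401) {
        # RFC 7617 requires a realm parameter in the Basic challenge.
        set resp.http.WWW-Authenticate = {"Basic realm="Restricted""};
    }
}
```

Because vcl_recv runs before every cache lookup, cached objects for the protected hosts are still served only after the credential check. Basic credentials are only Base64-encoded (the `Zm9vOmJhcg==` in Answer 2 decodes to `foo:bar`), so the protected hosts should only be reachable through a TLS terminator in front of Varnish.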



Answer 3:

For anyone who follows these steps on Debian Jessie - you may come across a couple of issues when building Varnish from source.

  1. That automake requires subdir-objects specified in the configure.ac line 18

    AM_INIT_AUTOMAKE([1.11 foreign color-tests parallel-tests subdir-objects])
    
  2. The Makefiles in the bin/varnishadm and bin/varnishhist require the variable $(top_srcdir) replaced with ../../ due to a bug in variable expansion in automake (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=402727)

    varnishadm_SOURCES = \
            varnishadm.c \
            ../../lib/libvarnish/vas.c \
            ../../lib/libvarnish/vsa.c \
            ../../lib/libvarnish/vtcp.c \
            ../../lib/libvarnish/vss.c
    

Fix those and then you can follow the instructions in the answer by jacob-rastad above.

I have made some further notes here: http://www.blue-bag.com/blog/compiling-varnish-modules



Answer 4:

This is how I got the basic authentication VMOD working with Varnish 4.1 in my Docker container: https://github.com/blmr/varnish-basic-auth-docker

1) Install dependencies

    apt-get install -y apt-transport-https \
    && apt-get install -y git-core zlib1g-dev automake build-essential libtool libssl-dev \
    libreadline-dev libyaml-dev libsqlite3-dev ncurses-dev sqlite3 libxml2-dev libxslt1-dev \
    libpcre3-dev libcurl4-openssl-dev python-docutils python-software-properties libvarnishapi-dev

2) Add Varnish repo

    curl https://repo.varnish-cache.org/GPG-key.txt | apt-key add -
    printf "deb https://repo.varnish-cache.org/ubuntu/ trusty varnish-4.1 \ndeb-src https://repo.varnish-cache.org/ubuntu/ trusty varnish-4.1" >> /etc/apt/sources.list.d/varnish-cache.list && apt-get update

3) Install Varnish 4.1

    apt-get install -qy varnish

4) Get Varnish source and compile it

    apt-get source varnish && rm *.diff.gz *.dsc *.tar.gz \
    && mv varnish* varnish-source && cd varnish-source && ./autogen.sh && ./configure --prefix=/usr/sbin && make

5) Get Varnish basic auth VMOD and compile it

    git clone http://git.gnu.org.ua/cgit/vmod-basicauth.git && cd vmod-basicauth \
    && git clone http://git.gnu.org.ua/repo/acvmod.git && ./bootstrap \
    && ./configure VARNISHSRC=/varnish-source VMODDIR=/usr/lib/varnish/vmods/ && make && make install && make check

6) Update default.vcl

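    # The VMOD must be imported before basicauth.match() can be used
    import basicauth;

    sub vcl_recv {
        if (!basicauth.match("/etc/varnish/htpasswd", req.http.Authorization)) {
            return(synth(401, "Authentication required"));
        }
    }

    # Prompt the client for credentials
    sub vcl_synth {
        if (resp.status == 401) {
            set resp.http.WWW-Authenticate = "Basic";
        }
    }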


Tags: varnish