Geek Answers Handbook

Varnish 4 Basic Authentication

I need to cache several server servers, I switch from Nginx to Varnish and finally discover that the server needs to start HTTP Basic Authentication. I try this link http://blog.tenya.me/blog/2011/12/14/varnish-http-authentication and it doesn’t work for me (they ran Varnish 3) Is there an easy way to configure basic authentication in Varnish 4?

+4
source share
4 answers

You can use VMOD basicauth

Install VMOD

First you need to install it. Download the source from the Git repo for basicauth . Extract to your homedir, for example. ~ / VMOD-BasicAuth /

Varnish VMOD.

Debian/Ubuntu

apt-get source varnish

pwd.

, . ,

cd ~/vmod-basicauth
./configure VARNISHSRC=$HOME/varnish-4.0.2
make 
sudo make install
sudo make check

, Ubuntu Debian ( , ).

Git (v4.0.2)

""

cd ~
wget https://github.com/varnish/Varnish-Cache/archive/varnish-4.0.2.zip
unzip varnish-4.0.2.zip
cd Varnish-Cache-varnish-4.0.2
sudo ./autogen.sh
sudo ./configure --prefix=/usr
sudo make

, , make-install, .

VMOD

cd ~
./configure VARNISHSRC=$HOME/Varnish-Cache-varnish-4.0.2
make 
sudo make install
sudo make check

, VMOD, . . /configure failed,

./configure VARNISHSRC=$HOME/Varnish-Cache-varnish-4.0.2 VMODDIR=/usr/lib/varnish/vmods/

, Varnish.

sudo apt-get install git-core zlib1g-dev automake build-essential libtool libssl-dev libreadline-dev libyaml-dev libsqlite3-dev ncurses-dev sqlite3 libxml2-dev libxslt1-dev libpcre3-dev libcurl4-openssl-dev python-docutils python-software-properties libvarnishapi-dev

VMOD

.htpasswd VCL.

"/var/www/.htpasswd" htpasswd.

#default.vcl
import basicauth;

sub vcl_recv {
    if (!basicauth.match("/var/www/.htpasswd",  req.http.Authorization)) {
        return(synth(401, "Authentication required"));
    }
}

#Prompt the user for a password
sub vcl_synth {
    if (resp.status == 401) {
        set resp.http.WWW-Authenticate = "Basic";
    }
}
+7

, Debian Jessie, Varnish .

  • automake subdir, configure.ac 18

    AM_INIT_AUTOMAKE([1.11 foreign color-tests parallel-tests subdir-options])

  • Makefile bin/varnishadm bin/varnishhist $(top_srcdir) ../../- automake (. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=402727)

    varnishadm_SOURCES = \ 
        varnishadm.c \ 
        ../../lib/libvarnish/vas.c \ 
        ../../lib/libvarnish/vsa.c \ 
        ../../lib/libvarnish/vtcp.c \ 
        ../../lib/libvarnish/vss.c

, jacob-rastad .

: http://www.blue-bag.com/blog/compiling-varnish-modules

+2

:

sub vcl_recv {
  if (! req.http.Authorization ~ "Basic Zm9vOmJhcg==") {
    return(synth(401, "Authentication required"));
  }
  unset req.http.Authorization
}

sub vcl_synth {
  if (resp.status == 401) {
    set resp.status = 401;
    set resp.http.WWW-Authenticate = "Basic";
    return(deliver);
  }
}

src: http://blog.tenya.me/blog/2011/12/14/varnish-http-authentication/#comment-2882579903

+2

VMOD, Varnish 4.1 Docker https://github.com/blmr/varnish-basic-auth-docker

1)

apt-get install -y apt-transport-https \
&& apt-get install -y git-core zlib1g-dev automake build-essential libtool libssl-dev \
libreadline-dev libyaml-dev libsqlite3-dev ncurses-dev sqlite3 libxml2-dev libxslt1-dev \
libpcre3-dev libcurl4-openssl-dev python-docutils python-software-properties libvarnishapi-dev

2)

curl https://repo.varnish-cache.org/GPG-key.txt | apt-key add -
printf "deb https://repo.varnish-cache.org/ubuntu/ trusty varnish-4.1 \ndeb-src https://repo.varnish-cache.org/ubuntu/ trusty varnish-4.1" >> /etc/apt/sources.list.d/varnish-cache.list && apt-get update

3) Varnish 4.1

apt-get install -qy varnish

4)

apt-get source varnish && rm *.diff.gz *.dsc *.tar.gz \
&& mv varnish* varnish-source && cd varnish-source && ./autogen.sh && ./configure --prefix=/usr/sbin && make

5) Get the base VMN VMD file and compile it

git clone http://git.gnu.org.ua/cgit/vmod-basicauth.git && cd vmod-basicauth \
&& git clone http://git.gnu.org.ua/repo/acvmod.git && ./bootstrap \
&& ./configure VARNISHSRC=/varnish-source VMODDIR=/usr/lib/varnish/vmods/ && make && make install && make check

6) Update default.vcl

sub vcl_recv {
if (!basicauth.match("/etc/varnish/htpasswd",  req.http.Authorization)) {
            return(synth(401, "Authentication required"));
    }
}

sub vcl_synth {
  if (resp.status == 401) {
        set resp.http.WWW-Authenticate = "Basic";
  }
}
+1
source

More articles:


All Articles