Question

我在配置 default.vcl 时出现问题： varnish 阻止登录phpMyAdmin并在身份验证后始终显示登录页面。

Web服务器必须只托管WordPress站点和phpMyAdmin，每个用户都可以在其中管理他的数据库。

http://phpMyAdmin.domain.com //for phpMyAdmin where users access their database
http://www.site1.com  
http://www.site2.com  
http://www.site3.com //and so on

我在哪里出错或丢失了什么？

这是我的实际默认值.vcl

backend default {
    .host = "127.0.0.1";
    .port = "8000";
}

acl purge {
    # Web server with plugin which will issue PURGE requests
    "127.0.0.1";
    "localhost";
}

sub vcl_recv {
    if (req.request == "PURGE") {
        if (!client.ip ~ purge) {
            error 405 "Not allowed.";
        }
        ban("req.url ~ ^" + req.url + "$ && req.http.host == " + req.http.host);
    }

    # Normalize content-encoding
    if (req.http.Accept-Encoding) {
        if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|lzma|tbz)(\?.*|)$") {
            remove req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            remove req.http.Accept-Encoding;
        }
    }

    # Remove cookies and query string for real static files
    if (req.url ~ "^/[^?]+\.(gif|jpg|jpeg|swf|css|js|txt|flv|mp3|mp4|pdf|ico|png|gz|zip|lzma|bz2|tgz|tbz)(\?.*|)$") {
       unset req.http.cookie;
       set req.url = regsub(req.url, "\?.*$", "");
    }

    # Don't cache backend
    if (req.url ~ "wp-(login|admin|comments-post.php|cron.php)") {
        return (pass);
    }

    if (req.url ~ "pmacloud") {
        return(pass);
    }

    return (lookup);
}

sub vcl_fetch {
  # Don't store backend
  if (req.url ~ "wp-(login|admin|comments-post.php|cron.php)" || req.url ~ "preview=true" || req.url ~ "xmlrpc.php") {
    return (hit_for_pass);
  }
  if ( (!(req.url ~ "(wp-(login|admin|comments-post.php|cron.php)|login)")) || (req.request == "GET") ) {
    unset beresp.http.set-cookie;
    set beresp.ttl = 4h;
  }
  if (req.url ~ "\.(gif|jpg|jpeg|swf|css|js|txt|flv|mp3|mp4|pdf|ico|png)(\?.*|)$") {
     set beresp.ttl = 30d;
  } #else {
  # set beresp.do_esi = true;
  #}
}
sub vcl_hit {
        if (req.request == "PURGE") {
                purge;
                error 200 "Purged.";
        }
}

sub vcl_miss {
        if (req.request == "PURGE") {
                purge;
                error 200 "Purged.";
        }
}

Answer 1

启用phpMyAdmin访问权限的解决方案是添加

sub vcl_recv

if (req.http.Host == "phpMyAdmin.domain.com") {
   return (pass);
}

sub vcl_fetch

if (req.http.Host == "phpMyAdmin.domain.com") {
    return (hit_for_pass);
}

Answer 2

在您的vcl_fetch中，除了WordPress特定的URL之外，您将删除set-cookie标题。

Speficically：

# Don't store backend
if (req.url ~ "wp-(login|admin|comments-post.php|cron.php)" || req.url ~ "preview=true" || req.url ~ "xmlrpc.php") {
  return (hit_for_pass);
}
if ( (!(req.url ~ "(wp-(login|admin|comments-post.php|cron.php)|login)")) || (req.request == "GET") ) {
  unset beresp.http.set-cookie;
  set beresp.ttl = 4h;
}

您需要调整这两行以查找phpMyAdmin特定的URL或域。

例如，如果phpMyAdmin始终托管在phpmyadmin.domain.com上，您可以执行以下操作：

# Don't store backend
if ( 
  req.http.host ~ "phpmyadmin"
  || req.url ~ "wp-(login|admin|comments-post.php|cron.php)"
  || req.url ~ "preview=true"
  || req.url ~ "xmlrpc.php"
) {
  return (hit_for_pass);
}
if (
  req.http.host ~ "phpmyadmin"
  || (!(req.url ~ "(wp-(login|admin|comments-post.php|cron.php)|login)"))
  || (req.request == "GET")
) {
  unset beresp.http.set-cookie;
  set beresp.ttl = 4h;
}

使用phpMyAdmin和VirtulHosts进行清漆配置

2 个答案: