diff options
author | Sergey Poznyakoff <gray@gnu.org> | 2020-03-21 20:21:05 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org> | 2020-03-21 20:21:05 +0200 |
commit | a6d6598a99f654cf25a65e512ce7bf4856fda3b2 (patch) | |
tree | 5cd0500e3bf009c294fa0eeb06dfcf9759cfdb46 | |
parent | 0774e8317694461a0d16ec365d70be08f6554c92 (diff) | |
download | vmod-remoteip-a6d6598a99f654cf25a65e512ce7bf4856fda3b2.tar.gz vmod-remoteip-a6d6598a99f654cf25a65e512ce7bf4856fda3b2.tar.bz2 |
Version 1.0v1.0
-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | README | 123 | ||||
-rw-r--r-- | configure.ac | 6 |
4 files changed, 97 insertions, 36 deletions
@@ -18,12 +18,14 @@ aclocal.m4 autom4te.cache/ build-aux config.h config.h.in config.log config.status configure core libtool m4 stamp-h1 tmp/ +README.html +style1.css @@ -1,18 +1,18 @@ vmod_remoteip -- history of user-visible changes. 2020-03-21 See the end of file for copying conditions. Please send vmod_remoteip bug reports to <gray@gnu.org> -Version 0.90 (Git) +Version 1.0, 2020-03-21 Initial release ========================================================================= Copyright information: Copyright (C) 2020 Sergey Poznyakoff Permission is granted to anyone to make or distribute verbatim copies of this document as received, in any medium, provided that the copyright notice and this permission notice are preserved, thus giving the recipient permission to redistribute in turn. @@ -1,95 +1,154 @@ -Vmod_remoteip -============= +#+TITLE: vmod_remoteip: Deduce actial client IP address for Varnish Cache -Overview --------- +* Overview -This modules is for Varnish Cache what mod_remoteip is for Apache. It +This module is for Varnish Cache what =mod_remoteip= is for Apache. It determines the actual client IP address for the connection, using the -useragent IP address list presented by a proxies or a load balancer +useragent IP address list presented by a proxy or load balancer via the request headers and a preconfigred list of trusted IP addresses. For example, if your Varnish server works behind a load balancer or yet another reverse proxy (such as pound or haproxy to handle the TLS connection), you can use this module to get the real -incoming connection IP address from the "X-Forwarded-For" header. +incoming connection IP address from the =X-Forwarded-For= header. -Example -------- +* Example -An example of using this module: +The following example VCL uses the client address deduced from the +value of the =X-Forwarded-For= header to enable the code specific for +hosts from the ACL "allowed": +#+BEGIN_SRC vcl-script import std; import remoteip; sub vcl_init { - remoteip.init("192.0.2.1, 127.0.0.0/8"); + // Register trusted proxy server addresses + remoteip.init("192.0.2.1, 127.0.0.1"); } acl allowed { - "127.0.0.1"; - ... + "203.0.113.1"; + "192.0.2.10"; } sub vcl_recv { set req.http.x-real-ip = remoteip.get(req.http.X-Forwarded-For); if (std.ip(req.http.x-real-ip) ~ allowed) { ... } } +#+END_SRC -Installation ------------- +* Installation -In order to compile the package you need to have installed -varnishd and varnishapi package. The module has been tested with -Varnish version 6.3.1. +In order to compile the package you need the varnishd and varnishapi +packages. The module has been tested with Varnish version 6.3.1 and +higher. Python 3, [[https://sourceforge.net/projects/docutils][Docutils]] +and [[http://sphinx-doc.org][Sphinx]] are needed to build documentation. +On Debian-based systems, this requires the =python3-docutils= and +=python3-sphinx= packages. -Supposing that condition is met, run: +If these prerequisites are met, run: +#+BEGIN_SRC shell-script ./configure +#+END_SRC -If your system offers Python versions 2.x and 3.x, it is quite often that -version 2.x is used by default. In that case, we recommend to explicitly -require version 3.x, as shown in this example: +If both Python versions 2.x and 3.x are installed on the system, +chances are version 2 is used by default. In that case, require +version 3 explicitly, as shown in this example: +#+BEGIN_SRC shell-script ./configure PYTHON=python3 +#+END_SRC Otherwise, the configure script should be able to automatically find the necessary components. In case it doesn't, tweak the configuration -variables as necessary. The most important one is PKG_CONFIG_PATH, -which contains a path (in the UNIX sense) where the .pc files are -located. It should contain a directory where the 'varnishapi.pc' file +variables as necessary. The most important one is =PKG_CONFIG_PATH=, +which contains a path (in the UNIX sense) where the =.pc= files are +located. It should contain a directory where the =varnishapi.pc= file lives. Example usage: +#+BEGIN_SRC shell-script ./configure PKG_CONFIG_PATH=/opt/varnish/lib/pkgconfig:$PKG_CONFIG_PATH +#+END_SRC -Please read the file INSTALL for a detailed discussion of available variables +Please read the file =INSTALL= for a detailed discussion of available variables and command line options. Once configured, do +#+BEGIN_SRC shell-script make +#+END_SRC This will build the module. After this step you can optionally run -'make test' to test the package. +=make test= to test the package. Finally, run the following command as root: +#+BEGIN_SRC shell-script make install +#+END_SRC -Documentation -------------- +* Documentation -The manual page vmod_remoteip(3) will be available after a successful -install. To read it without actually installing the module, run -`man src/vmod_remoteip.3'. +The manual page +[[http://man.gnu.org.ua/manpage/?3+vmod_remoteip][vmod_remoteip(3)]] will +be available after a successful install. To read it without actually +installing the module, run =man src/vmod_remoteip.3= . An online copy of the documentation is available from http://ps.gnu.org.ua/software/vmod-remoteip. +* Downloads + +Source tarballs can be downloaded from +https://download.gnu.org.ua/release/vmod-remoteip. + +The git repository is available at +http://git.gnu.org.ua/cgit/vmod-remoteip.git. + +The project home page is +https://puszcza.gnu.org.ua/projects/vmod-remoteip. + +* Copyright + +Copyright (C) 2020 Sergey Poznyakoff + +Permission is granted to anyone to make or distribute verbatim copies +of this document as received, in any medium, provided that the +copyright notice and this permission notice are preserved, +thus giving the recipient permission to redistribute in turn. + +Permission is granted to distribute modified versions +of this document, or of portions of it, +under the above conditions, provided also that they +carry prominent notices stating who last changed them. + * Bug reporting Send bug reports and suggestions to <gray@gnu.org> +* Document settings :noexport: + +Please ignore this section. It supplies the variables necessary for +proper rendering of this document. + +:PROPERTIES: +:VISIBILITY: folded +:END: + +#+STARTUP: showall +#+EXCLUDE_TAGS: noexport +#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="style1.css" /> +#+OPTIONS: ^:nil + +# Local Variables: +# mode: org +# paragraph-separate: "[ ]*$" +# version-control: never +# End: + diff --git a/configure.ac b/configure.ac index 0545796..cc8480a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,30 +1,30 @@ # This file is part of vmod_remoteip. -# Copyright (C) 2017-2018 Sergey Poznyakoff +# Copyright (C) 2020 Sergey Poznyakoff # # Vmod_remoteip is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3, or (at your option) # any later version. # # Vmod_remoteip is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with vmod_remoteip. If not, see <http://www.gnu.org/licenses/>. AC_PREREQ(2.69) -AC_INIT([vmod-remoteip], [0.90], [gray@gnu.org]) +AC_INIT([vmod-remoteip], [1.0], [gray@gnu.org]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR(src/vmod_remoteip.vcc) AM_CONFIG_HEADER(config.h) AC_SUBST([AC_VMOD_BASENAME],[remoteip]) AC_CANONICAL_SYSTEM AC_LANG(C) AM_INIT_AUTOMAKE([1.14 gnu tar-ustar silent-rules]) AM_SILENT_RULES([yes]) @@ -36,25 +36,25 @@ if test "x$ac_cv_prog_cc_c99" = xno; then fi AC_PROG_CPP AC_PROG_INSTALL AC_PROG_LIBTOOL AC_PROG_MAKE_SET # Checks for header files. AC_HEADER_STDC # Check for functions -AM_VARNISHAPI([6.0],[6.3.1]) +AM_VARNISHAPI([6.0],[6.3.2]) AC_DEFINE_UNQUOTED([VARNISHAPI_MAJOR],[$VARNISHAPI_MAJOR], [Varnish API major version number]) AC_CONFIG_TESTDIR(tests) AC_CONFIG_FILES([tests/Makefile tests/atlocal]) AM_MISSING_PROG([AUTOM4TE], [autom4te]) AC_CONFIG_FILES([ Makefile src/Makefile ]) AC_OUTPUT |