Screwloose - Install Varnish 3.0 with VSF (Varnish Security Firewall) on centos 6

Install Varnish 3.0 with VSF (Varnish Security Firewall) on centos 6

Posted by Jake on June 12, 2013

Just finished setting up our cluster of varnish servers and its working nicely.
Using lsyncd to replicate the varnish configs, but thats for another post.

Here is a step by step on howto install varnish with VSF (Varnish Security Firewall) on centos 6.
If have already installed varnish then be sure to uninstall it before completing the steps below.

sed -i 's/SELINUX=.*/SELINUX=permissive/' /etc/sysconfig/selinux
setenforce 0
 
yum groupinstall "Development Tools" -y
yum install docutils pcre-devel gcc* git nano -y
 
cd /tmp
wget http://repo.varnish-cache.org/source/varnish-3.0.3.tar.gz
tar xf varnish-3.0.3.tar.gz && cd varnish-3.0.3 && ./configure
make -j3 && make install
cd -
 
git clone https://github.com/comotion/VSF.git
cd VSF/
 
git clone https://github.com/fastly/libvmod-urlcode.git
git clone https://github.com/nand2/libvmod-throttle.git
git clone https://github.com/xcir/libvmod-parsereq.git
git clone https://github.com/varnish/libvmod-shield.git
 
for mod in parsereq urlcode shield throttle; do
   cd libvmod-$mod
   ./autogen.sh && VARNISHSRC=/tmp/varnish-3.0.3 VMODDIR=/usr/lib64/varnish/vmods ./configure && make -j3
   make install
   cd -
done
 
cd /tmp/varnish-3.0.3 
make uninstall
 
rpm --nosignature -i http://repo.varnish-cache.org/redhat/varnish-3.0/el5/noarch/varnish-release-3.0-1.noarch.rpm
yum install varnish -y
chkconfig varnish on
 
mv /tmp/VSF/ /usr/share/
cd /etc/varnish && ln -s /usr/share/VSF/vcl security
 
nano /etc/varnish/default.vcl

Now add:
include “/etc/varnish/security/vsf.vcl”;
edit /etc/sysconfig/varnish to change the listen port to 80

reboot and you should be good to go!

Tags: centos, varnish, varnish security firewall, VSF

Posted in: Scripts

Leave a Comment (3) ↓

VanishJR April 11, 2015

I have followed the same process which you have suggested but after that varnish is not getting restarted, can you please guide me where I am doing wrong

Andrew May 31, 2015
What OS are you running this on?

George May 10, 2015

I don’t think taht this will work, beucase if varnish-libs and varnish-libs-devel are not installed it will print the following error:

make[1]: Entering directory `/root/tmp/varnish-3.0.3/VSF/libvmod-urlcode’
Making all in src
make[2]: Entering directory `/root/tmp/varnish-3.0.3/VSF/libvmod-urlcode/src’
make[2]: *** No rule to make target `@VMODTOOL@’, needed by `vcc_if.c’. Stop.
make[2]: Leaving directory `/root/tmp/varnish-3.0.3/VSF/libvmod-urlcode/src’
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/tmp/varnish-3.0.3/VSF/libvmod-urlcode’
make: *** [all] Error 2
Making install in src
make[1]: Entering directory `/root/tmp/varnish-3.0.3/VSF/libvmod-urlcode/src’
make[1]: *** No rule to make target `@VMODTOOL@’, needed by `vcc_if.c’. Stop.
make[1]: Leaving directory `/root/tmp/varnish-3.0.3/VSF/libvmod-urlcode/src’
make: *** [install-recursive] Error 1

I installed them but it didn’t work aain on version 3.03 (on 4 it works). How can I fix this?

Also th end print this error:

libtool: Version mismatch error. This is libtool 2.4.2 Debian-2.4.2-1ubuntu1, but the
libtool: definition of this LT_INIT comes from libtool 2.2.6b.
libtool: You should recreate aclocal.m4 with macros from libtool 2.4.2 Debian-2.4.2-1ubuntu1
libtool: and run autoconf again.
make[1]: *** [vcc_if.lo] Error 63
make[1]: Leaving directory `/root/tmp/varnish-3.0.3/VSF/libvmod-throttle/src’
make: *** [install-recursive] Error 1

Which version of libtool is needed?