Using hitch with varnish on Debian Jessie

I ended up needing to install hitch on a server recently, so the https:// traffic could be routed through Varnish (along with the existing ‘http’ stuff) for performance reasons.

The server only runs WordPress sites, so there are WordPress specific things in the Varnish configuration (vcl) file below.

Versions: Varnish 5.2, Hitch 1.4.4, Apache 2.4 and Debian Jessie.

Continue reading “Using hitch with varnish on Debian Jessie”

postsrsd monit config

This might work to configure monit on Debian (Jessie) to monitor postsrsd.

check process postsrsd matching "/usr/sbin/postsrsd"
    group postsrsd
    start program = "/etc/init.d/postsrsd start"
    stop  program = "/etc/init.d/postsrsd stop"
    if failed host localhost port 10001 then restart 
    if failed host localhost port 10002 then restart 

compiling a vanilla kernel to a .deb

As I keep losing this….

Creating a .deb kernel package from a vanilla kernel.org kernel :

  1. wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.4.24.tar.xz
  2. tar -xf linux-4.4.24.tar.xz
  3. cd linux-4.4.24
  4. cp /boot/config-whatever .config
  5. Optionally: edit and set: CONFIG_DEBUG_INFO=n to stop the *dbg* package being generated
  6. make olddefconfig
  7. make deb-pkg -j6 LOCALVERSION=-dg1

dotdeb – apt package pinning

As of last night, Debian Security released PHP 5.4.44 for Wheezy. Wheezy shipped with PHP 5.4.12 or something like that.

DotDeb is currently on 5.4.43, and if you’ve been using it based on the assumption that it has a newer version of a package over Debian, then an upgrade will leave your PHP install in a mess (e.g. no php5-gearman or php5-imagick).

To fix this, the following in e.g. /etc/apt/preferences.d/dotdeb will help :

Package: *
Pin: origin packages.dotdeb.org
Pin-Priority: 1001

This should make apt choose dotdeb packages over Debian, even if Debian contains a newer version.

i.e. stop apt relying on just the package version number, and previously dotdeb always had a higher one.

Squid 3.4.x for with transparent ssl proxying/support for Debian Wheezy.

I needed  a variant of Squid which supported transparent SSL interception (i.e via iptables redirection) so I could log outgoing HTTPS requests without the client being aware.

The stock wheezy variant doesn’t support SSL (see : Debian Bug Report).

Even after recompiling Wheezy’s squid3 it didn’t seem to work (perhaps my stupidity) so I ended up moving to the latest-and-greatest squid (3.4.9 at the time of writing) and getting that to work. Brief notes follow.

Continue reading “Squid 3.4.x for with transparent ssl proxying/support for Debian Wheezy.”