Tag Archives: debian

Varnish nsca logging on systemd system with x-forwarded-for

So, you have a Varnish server running systemd, which is behind a reverse proxy for SSL like nginx, and you can’t work out how to make varnishncsa log IP addresses from a specified header? Well, it’s a bit of a pain in the neck really. You need to override the systemd service file, which is like systemd’s version of the init scripts. Due to it being systemd, this is not just a case of editing a file…

For Debian, you can use the service file below, and paste it into

Once done, you need to reload systemd’s service listing itself;
$ systemctl daemon-reload

Congratulations, you now have varnishncsa logs including the visitor’s real IP address, as specified by Nginx. Change the name in “{X-Forwarded-For}” to change the header name, for example if you want CloudFlare’s view of the client’s IP address, use “CF-Connecting-IP”

 ExecStart=/usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D -P /run/varnishncsa/varnishncsa.pid -F '%%{X-Forwarded-For}i %%l %%u %%t "%%r" %%s %%b "%%{Referer}i" "%%{User-agent}i"'
 ExecReload=/bin/kill -HUP $MAINPID


grub-probe: error: no such disk

Ran into this one today, on a debian squeeze box:

/usr/sbin/grub-probe: error: no such disk.

It actually was telling the truth, the disks listed in /boot/grub/device.map were wrong. Replaced /dev/disk/by-id/serial-of-drive with /dev/sda. Worked.

Whilst researching this problem, I did run into a similar debian bug, but it wasn’t relevant. In case you’re interested, it’s about LVM drives, and it’s here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673573

bind refuses to restart, debian squeeze

After an upgrade, I’ve noticed a few times that bind has refused to restart or reload, saying:

Stopping domain name service: namedrndc: connect failed: connection refused

This seems to be a permissions bug in debian, quite a long lasting one. In order to cheat-fix it quickly, I do the following:

chown bind:root /etc/bind/rndc.key
chmod 660
/etc/init.d/bind9 restart

That seems to fix it well enough. I think it’s a problem in that bind starts as one user, but runs as another. It may be that 440 are all the perms that are necessary. The debian bug report is here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=169577

Day 2: Church

Yay! I’m actually going to get to church this week, for the first time in 4 weeks 🙂

(Yes, for those readers who don’t know, I’m a Christian)

Reasons I haven’t been to church the past 3 weeks:

  • Week 1: Moving servers from old datacentre to new one
  • Week 2: On-call busy weekend. Worked 22 hours in 24, I was asleep Sunday morning. There’s a story in that itself…
  • Week 3: Moving servers again. Yay, 2 down, 1 to go.

So this week I get to go to church, and next weekend I don’t, as we’ve got the last server move. I’ve been trying to find a new church at the moment, which is harder than it sounds in London. At the moment, I’m going to one that my friend (and old youthleader) Roger is working for 🙂

If anyone reading knows Rog and Terry – Roger has picked up Terry’s ‘Bones’ 😉

Week 2’s story… A server failed during the day (partitions went read-only) and so I had to go to the datacentre, to replace the hardware. (That was when I was twittering about a debian install being stubborn about picking up mirrors. In the end, a reboot and reinstall from scratch sorted it – its routing table was stuffed.) Started to go in at 2000 Saturday, arrived back in town at about 0030 Sunday. ish.

Anyway, that’s enough rambling. I need to run to catch the tube 🙂 Hopefully tomorow’s blog will have a bit more content and a little less rambling 🙂


Well, its a couple of days into my trial and I’ve settled into Centos. (I went with Centos instead of Fedora, as its closer to RedHat according to the #ubuntu-uk guys andylockran & popey [Thanks!], which is the OS I really was aiming to play with.)

I’ve had a couple of niggles, like the old version of Firefox (1.5x series instead of 2x) on Centos, the ease of installing java etc… Its only when you step away from Ubuntu that you realize just how advanced it actually is!

So far, I’ve installed 4 rpm packages manually, and compiled one successfully. (I tried to compile the last.fm client, but it wasn’t playing ball. I’ll get it working eventually…)

The package I compiled was pamusb, a really cool utility to allow you to use a USB key for authentication on your system, literally, you can use it to login with, use sudo commands without passwords, etc. I’ll probably post a guide at some point. From looking around on the web, it works better with Ubuntu than Centos as the packages you need are in Ubuntu’s repos. I’m not sure whether that includes the pam configuration you have to do, but I’d expect so.

You can get pamusb here: http://www.pamusb.org/ (or as mentioned, in the Ubuntu Repositories) [Update: Don’t use the Ubuntu Repository version: its out of date]

Centos’s graphical package manager isn’t anything as nice as Ubuntu’s, but the command line “yum” is certainly better, giving more information in “yum search <package or purpose>” than a “apt-cache search <package>” would.

With this reinstall I put /home/ on a separate partition, so that should make jumping easier. I’ll probably try Fedora at some point… and Debian….