Sohaib's Tech Blog

Something for every one

Apache Traffic Server Reverse Proxy — 2013


This tutorial covers setting up Apache Traffic Server as a reverse proxy that caches your website, for both SSL and non-SSL domains, on CentOS 6.x.


1. Apache Traffic Server is not available in the default CentOS repository, so we need to install the EPEL repository
rpm -ivh

2. Install Apache Traffic Server
yum install trafficserver

3. Add the following lines to /etc/trafficserver/remap.config
map http://209.xx.xx.xx
map http://209.xx.xx.xx
map https://209.xx.xx.xx
map https://209.xx.xx.xx

4. A directory named ssl is created at /etc/trafficserver/, and ssl.key and ssl.cert are added to that directory. The following settings go in /etc/trafficserver/records.config:

# Setting the server port to 80
CONFIG proxy.config.http.server_port INT 80
# Enabling SSL on port 443
CONFIG proxy.config.ssl.enabled INT 1
# Filename of the SSL certificate
CONFIG proxy.config.ssl.server.cert.filename STRING ssl.cert
# Path of the SSL certificate
CONFIG proxy.config.ssl.server.cert.path STRING /etc/trafficserver/ssl/
# Name of the SSL key file
CONFIG proxy.config.ssl.server.private_key.filename STRING ssl.key
# Path of the SSL key file
CONFIG proxy.config.ssl.server.private_key.path STRING /etc/trafficserver/ssl/

To replicate this setup on other servers, follow steps 1 and 2, then copy /etc/trafficserver over, replacing the existing directory.

Squid as Reverse Proxy —


1. Install the Squid proxy on the server

# yum install squid

2. All configuration is done in the squid.conf file, which is located at /etc/squid/squid.conf

Changes:

At the acl declarations:

These ACLs are declared to separate HTTP and HTTPS requests.

acl port443 port 443

acl port80 port 80

Port 3128 is normally used for forward proxying. It is not used in our case, so it is disabled.

# Squid normally listens to port 3128

#http_port 3128

# Squid port changed from the default to 80 for the HTTP reverse proxy

http_port 80 accel vhost

# Squid reverse proxy port for HTTPS

https_port 443 cert=/etc/squid/ssl/1.crt key=/etc/squid/ssl/1.key vhost

When using an SSL port, the certificate path and key path must be provided in this directive.

##For HTTP Reverse Proxy ##

# Directive to tell Squid the IP address and other details of server1

cache_peer parent 80 0 no-query no-digest originserver login=PASS name=server1

#for other Servers

#cache_peer X.X.X.X parent 80 0 no-query no-digest originserver login=PASS name=server2

#cache_peer X.X.X.X parent 80 0 no-query no-digest originserver login=PASS name=server3

To specify other caches in a hierarchy, we use the format:

cache_peer hostname or IP type http-port icp-port [options]

parent: the type of cache peer.

originserver: causes this parent to be contacted as an origin server. Meant to be used in accelerator setups when the peer is a web server.

no-query: disables ICP queries to this neighbor.

no-digest: disables requests for cache digests.

acl sites_server1 dstdomain

#acl sites_server2 dstdomain

#acl sites_server3 dstdomain

#Cache Peer Directive to map corresponding sites

cache_peer_access server1 allow sites_server1 port80

#cache_peer_access server2 allow sites_server2 port80

#cache_peer_access server3 allow sites_server3 port80

#Allow  Access to the sites

http_access allow sites_server1

#http_access allow sites_server2

#http_access allow sites_server3

##For HTTPS Reverse Proxy ##

# Directive to tell Squid the IP addresses of the servers; the others are private IP addresses hosted inside the network

cache_peer parent 443 0 no-query no-digest originserver ssl sslflags=DONT_VERIFY_PEER  login=PASS name=sslserver1

#for other Servers

#cache_peer X.X.X.X parent 443 0 no-query no-digest originserver ssl sslflags=DONT_VERIFY_PEER  login=PASS name=sslserver2

#cache_peer X.X.X.X parent 443 0 no-query no-digest originserver ssl sslflags=DONT_VERIFY_PEER  login=PASS name=sslserver3

acl sites_ssl_server1 dstdomain

#acl sites_ssl_server2 dstdomain

#acl sites_ssl_server3 dstdomain

#Cache Peer Directive to map corresponding sites

cache_peer_access sslserver1 allow sites_ssl_server1 port443

#cache_peer_access sslserver2 allow sites_ssl_server2 port443

#cache_peer_access sslserver3 allow sites_ssl_server3 port443

#Allow  Access to the sites

http_access allow sites_ssl_server1

#http_access allow sites_ssl_server2

#http_access allow sites_ssl_server3

## This last line is compulsory: it prevents the proxy from being used to browse other sites

http_access deny all

Command to reload Squid:

# /etc/init.d/squid reload

or simply

# squid -k reconfigure
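
An added example (not from the original post): a small shell audit of the settings this step relies on, namely the closing http_access deny all, origin certificate verification (which sslflags=DONT_VERIFY_PEER turns off) and any leftover forward-proxy port. The sample configs are constructed; origin.example.internal, www.example.com and the CA file path are placeholders, and sslcafile= is the Squid 3.x cache_peer option for naming a CA file (Squid 4 and later call it tls-cafile=).

```shell
#!/bin/sh
# Added example: prints one line per finding; returns 0 when clean, 1 otherwise.
audit_squid_conf() {
    awk '
        $1 ~ /^#/ { next }                      # skip commented-out directives
        $1 == "http_access" { last = $2 " " $3 }
        $1 == "http_port" && !/accel/ {
            printf "line %d: http_port without accel is a forward-proxy listener\n", NR
            bad++
        }
        $1 == "cache_peer" && /DONT_VERIFY_PEER/ {
            printf "line %d: peer %s: origin certificate is not verified\n", NR, $2
            bad++
        }
        END {
            if (last != "deny all") {
                print "final http_access rule is not \"deny all\""
                bad++
            }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample configs; host names, domains and the CA path are placeholders.
write_samples() {
    dir="$1"
    cat > "$dir/weak.conf" <<'EOF'
http_port 3128
cache_peer origin.example.internal parent 443 0 no-query no-digest originserver ssl sslflags=DONT_VERIFY_PEER login=PASS name=sslserver1
acl sites_ssl_server1 dstdomain www.example.com
http_access allow sites_ssl_server1
EOF
    cat > "$dir/hardened.conf" <<'EOF'
#http_port 3128
http_port 80 accel vhost
cache_peer origin.example.internal parent 443 0 no-query no-digest originserver ssl sslcafile=/etc/squid/ssl/origin-ca.pem login=PASS name=sslserver1
acl sites_ssl_server1 dstdomain www.example.com
http_access allow sites_ssl_server1
http_access deny all
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in weak hardened; do
    echo "== $f.conf"; audit_squid_conf "$tmp/$f.conf" || echo "-> findings above"
done
```

Run it as `audit_squid_conf /etc/squid/squid.conf` before each reload; a non-zero return means at least one finding was printed.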

3. Generating SSL Signing request

Generate a ‘key’ file that tells our server apart from other servers. If we don't have openssl already installed on our machine, we can install it using

yum install openssl

Then change to the directory where we would like to store the certificates. In our case, I chose:

mkdir /etc/squid/ssl

cd /etc/squid/ssl

openssl genrsa -out 1.key 2048

This will output a key for our server, which is used to create the CSR that we need to send to the SSL authority in order to get the files required to finish the setup. Next we generate a CSR (in the same directory):

openssl req -new -key 1.key -out 1.csr

We have to send the contents of this CSR to the SSL authority and receive the signed certificate back as a crt file, but in our case we already had a key and certificate, so they were added to the ssl folder and renamed accordingly.

The received crt was renamed to 1.crt and added to /etc/squid/ssl/

4. Appending the CA certificate to the main certificate file (1.crt)

The following command was executed to append the CA certificate received from the signing authority:

cat >> 1.crt

A self-signed certificate can be generated for testing purposes as follows:

openssl x509 -req -days 3650 -in 1.csr -signkey 1.key -out selfsign.crt
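
An added example, not part of the original post: checks worth running on the files from steps 3 and 4 before pointing https_port at them. It confirms the private key is accessible only to its owner, that the first certificate in 1.crt belongs to 1.key (which also catches a CA certificate placed ahead of the server certificate), and counts the certificates in the bundle. Function names are illustrative; the demo builds throwaway files with the same openssl commands as above and uses the placeholder name www.example.com.

```shell
#!/bin/sh
# Added example: checks to run on 1.key and 1.crt before reloading Squid.

# Succeeds when group and others have no access to the private key file.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Number of PEM certificates in the bundle (server certificate + CA certificates).
cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Succeeds when the FIRST certificate in the bundle carries the key's public key.
# openssl x509 reads only the first PEM block, so a bundle with the CA
# certificate placed ahead of the server certificate fails here too.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# usage: check_tls_files KEY BUNDLE ; prints findings, returns 1 on any FAIL
check_tls_files() {
    rc=0
    key_is_private "$1" || { echo "FAIL: $1 readable by group/others (chmod 600)"; rc=1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: first cert in $2 does not match $1"; rc=1; }
    [ "$(cert_count "$2")" -ge 2 ] || echo "NOTE: $2 has no CA certificate appended"
    return $rc
}

# Demo on throwaway files (constructed test material, placeholder host name).
demo() (
    cd "$(mktemp -d)" || exit 1
    openssl genrsa -out 1.key 2048 2>/dev/null
    openssl req -new -key 1.key -out 1.csr -subj "/CN=www.example.com"
    openssl x509 -req -days 1 -in 1.csr -signkey 1.key -out 1.crt 2>/dev/null
    chmod 644 1.key; check_tls_files 1.key 1.crt     # flags the permissions
    chmod 600 1.key; check_tls_files 1.key 1.crt     # only the CA note remains
)
if command -v openssl >/dev/null 2>&1; then demo || true; fi
```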

Amazon S3 Backup via S3tools — 2013


I wrote this how-to on the DirectAdmin Forum.

This guide is for CentOS 6.x, x32 or x64.

yum install s3cmd -y

If you can't install s3cmd this way, follow the instructions below.


cd /etc/yum.repos.d
touch s3cmd.repo
nano s3cmd.repo

# Save this file to /etc/yum.repos.d on your system

# and run "yum install s3cmd"
name=Tools for managing Amazon S3 - Simple Storage Service (RHEL_6)

Try the yum command above again; this time it will install s3cmd. Once installation is complete, run the following command. It will configure s3cmd using your Amazon key and access ID.

s3cmd --configure

Once the above is done, create another file, for example in /home/admin/user_backups or wherever you like

nano /home/admin/user_backups/

Don't forget to chmod 777 the script and then run it like ./ (only execute permission is needed to run it, so chmod 700 also works and keeps other local users from editing the script).

This script uploads all your content to Amazon S3, but before you run it, create your bucket and a folder inside it. For example, I have a bucket named YOURBUCKETNAMEHERE, and inside that bucket I have a folder called Directadmin.

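#!/bin/bash
BACKUP_LOC="/home/admin/user_backups/"   # assumed backup directory; adjust
S3_BUCKET="YOURBUCKETNAMEHERE"           # your bucket name
LOG="/var/log/s3_backup.log"             # assumed log file path; adjust
DATE=`date +%d%m%Y_%H%M`
echo "Syncing files from $BACKUP_LOC to s3 bucket" >> "$LOG"
s3cmd sync -r "$BACKUP_LOC" "s3://$S3_BUCKET/Directadmin/"
exit 0
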
Nginx + Varnish —

Install Varnish & Configure to work with NGINX

Configure the VCL

VCL is the Varnish Configuration Language. The VCL file holds most of the config.

sudo vi /etc/varnish/default.vcl

Tell Varnish to communicate with the content server (Nginx) on port 8080.

backend default {
    .host = "";
    .port = "8080";
}

With the above config, Varnish will only cache files without cookies. The following config strips all cookies and caches everything. With every cookie stripped, the backend sees every request as anonymous and can never set a session, so logins stop working; the ideal config is somewhere in between.

sub vcl_recv {
    unset req.http.cookie;
}
sub vcl_fetch {
    unset beresp.http.set-cookie;
}

Configure the Daemon

The Varnish daemon file sets ports, hosts, storage method, etc.

sudo vi /etc/default/varnish

Tell Varnish to listen on port 80.

DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256M"

Configure Nginx Hosting

Varnish sits in front of Nginx on port 80 and talks to Nginx on 8080. Nginx defaults to 80, so make sure every Nginx server config listens on 8080. If not, Nginx will intercept Varnish.

sudo vi /etc/nginx/sites-available/default
sudo vi /etc/nginx/sites-available/

Add the listen directive to the default Nginx server config.

server {
    listen 8080;
}

Do the same for the virtual host config.

index index.php;
server {
    listen 8080;
}
server {
    listen 8080;
}

Restart Services

After restart, inspect the page headers for Via: 1.1 varnish. The 1.1 refers to HTTP 1.1.

sudo service nginx restart
sudo service php5-fpm restart
sudo service varnish restart


If you see an Nginx error when you visit a page, or if page headers don’t mention Varnish, it’s likely Nginx is still listening on port 80. Turn off Varnish and use netstat to check ports.

sudo /etc/init.d/varnish stop
netstat -an | grep LISTEN

If you see anything on port 80, make sure all Nginx virtual hosts are listening on port 8080.

NGINX Configuration for CS-Cart — 2013

I have spent a lot of time configuring CS-Cart to work with the NGINX server; the bottom line is to cache static content and have speed at the same time.

This is my step-by-step tutorial to install the NGINX server and run CS-Cart, so here it is:

In my environment I am using Ubuntu Precise, the 12.04 edition, which you can grab from the Ubuntu website. Run the following steps once you are done with your Ubuntu installation.

NGINX Installation procedure:

Open Terminal. Open the Sources file for aptitude using vi. If you are not familiar with vi, open the file in nano or gedit.

sudo gedit /etc/apt/sources.list

If you are looking for ways to upgrade or install NGINX on Ubuntu or Debian systems, you are in the right place. You can install it easily using the aptitude or apt-get command. The process only takes a couple of minutes and requires minimal Linux knowledge.

If you are using Debian Squeeze (version 6.x),

deb squeeze nginx
deb-src squeeze nginx

If you are using Ubuntu, select the respective lines from below,

For Ubuntu Lucid (Version 10.04),

deb lucid nginx 
deb-src lucid nginx

For Ubuntu Oneiric (Version 11.10),

deb oneiric nginx 
deb-src oneiric nginx

For Ubuntu Precise (Version 12.04),

deb precise nginx
deb-src precise nginx

Add the lines applicable to you in the sources.list file. Now save and close the file.

In order to authenticate the repository and to avoid warnings about missing gpg key during installation of the nginx package, it is advised to add the key used to sign the nginx packages and repository to the apt program keyring.

Run the following commands in the terminal,

cat nginx_signing.key | sudo apt-key add -

Once added, update apt with the new repository,

sudo apt-get update

Now to install NGINX in Ubuntu or Debian systems, run the following command in terminal,

sudo apt-get install nginx

Once NGINX is installed, we will install the database and PHP and configure them properly. In my installation I decided to go with Percona; it's faster, and for what I need I prefer it, so here is the next step.

Before you install Percona, we need to add its repo to Ubuntu.

wget$(lsb_release -sc)_all.deb
dpkg -i percona-release_0.1-3.$(lsb_release -sc)_all.deb

Remember to update the local cache:

$ apt-get update

After that you can install the server and client packages

apt-get install percona-server-server-5.6  percona-server-client-5.6 -y

During installation it will ask you to set your MySQL root password, so go ahead and set it, but don't forget it.

Once the above is installed, we need to install the major chunk

apt-get install memcached php5-cli php5-fpm php5-mysql php5-curl php5-gd php5-imagick php5-mcrypt php5-memcached

Once the above step is completed, I would prefer that you reboot your server so everything is normal and not acting up :). Once your server is back up, we need to make sure NGINX is stopped; please run the following command.

$ service nginx stop


The NGINX configuration for CS-Cart starts here. Remove all contents from the nginx.conf file located at /etc/nginx/nginx.conf and replace them with:

user www-data;
worker_processes 8;

error_log /var/log/nginx/error.log warn;
pid /var/run/;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    keepalive_timeout 65;
    server_tokens off;
    gzip on;
    gzip_vary on;
    gzip_disable "msie6";
    gzip_http_version 1.0;
    gzip_comp_level 8;
    gzip_proxied any;
    gzip_types text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    client_body_temp_path /tmp/client_temp;
    # proxy_temp_path /tmp/proxy_temp;
    # proxy_cache_path /var/cache/nginx/proxy_cache levels=2 keys_zone=nginx:100m inactive=200m max_size=5000m;
    include /etc/nginx/conf.d/*.conf;
    fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=cache:10m max_size=1000m inactive=60m;
    fastcgi_cache_key "$scheme$request_method$host$request_uri";
}


After that, edit /etc/nginx/conf.d/httpd.conf:

server {
    listen 80;
    listen 443 default ssl;
    ssl_certificate /etc/nginx/certs/server.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;

    location / {
        root /var/www/YOURDOMAIN/public_html;
        index index.php;
        try_files $uri $uri/ /index.php?sef_rewrite=1&$args;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # The dot is escaped so that only names ending in ".php" match
    location ~ \.php$ {
        root /var/www/YOURDOMAIN/public_html;
        # Placeholder address: use the "listen" value of your php5-fpm pool
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/YOURDOMAIN/public_html$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_cache_valid 200 302 10m;
        fastcgi_cache_valid 301 1h;
        fastcgi_cache_valid any 1m;
    }

    location ~* \.(css|js|jpg|jpeg|png|swf|gif|svg|ttf|eot)$ {
        root /var/www/YOURDOMAIN/public_html;
        try_files $uri http://backend$1;
        expires max;
        add_header X-CDN "WCWS INTERNET";
        add_header ETag "";
        log_not_found off;
        add_header Cache-Control "public";
        add_header Last-Modified "Sat, 30 Mar 2013 21:47:15 GMT";
    }

    # Block access to .htaccess and similar files
    location ~ /\.ht {
        deny all;
    }
}

Remember to replace YOURDOMAIN with your domain name. Last, if you have an SSL-enabled shopping cart, add your certificate to the /etc/nginx/certs folder (create the folder if it does not exist) and upload the .key and .crt for your SSL there.

ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key;

Test your configuration using the following command

nginx -t

If everything is good with no errors, simply run

service nginx restart

Upload your files to /var/www/YOURDOMAIN/public_html

Change your database settings in config.local.php in the cs-cart folder. Once that's done, it's time to create the MySQL DB

root@localhost:~# mysql -u root -p

mysql> CREATE DATABASE `cs-cart`;


If you don't already have your CS-Cart database file, you can run the installation.

The file must be in .sql format. It cannot be compressed in a .zip or .tar.gz file.

  1. Upload the SQL file to the server.
  2. Type this command:

mysql -p -u username database_name < file.sql

To export the MySQL DB:

mysqldump -p -u username database_name > dbname.sql