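This site records day-to-day work: virtualization and cloud computing, system operations, database administration (DBA), and networking and security.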
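Configuring an HTTPS site on Linux (CentOS 64-bit):
1. Verify that openssl is installed on 主机宝 Linux edition (CentOS 64-bit) and that support for the openssl module was added at compile time, as shown in the figure below:
2. Go to the /a/apps/nginx-1.4.7/ directory and create the private key file and signed certificate for the site, as follows:
3. Go to the /a/apps/nginx-1.4.7/vhosts directory and create a new configuration file, https.conf, with the following contents:
4. Run /etc/init.d/nginx reload to make the configuration take effect.
5. Because the 主机宝 image has the iptables firewall enabled, HTTPS port 443 must be added to the firewall to allow access:
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
service iptables save
6. Test that the HTTPS site is reachable, as shown in the figure below: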
Redirecting URL requests from Varnish front-end users
Rewriting and redirecting URLs in Varnish
Rewriting a URL
You can easily rewrite the URL using the regsub() function in VCL. This takes place in vcl_recv.
if (req.http.host ~ "^(www\.)?example\.com" && req.url ~ "^/images/") {
    set req.http.host = "images.example.com";
    set req.url = regsub(req.url, "^/images/", "/");
}
This example rewrites access to http://www.example.com/images/foo.jpg to http://images.example.com/foo.jpg. This is not visible to the user, but affects how the request to the backend(s) looks. This does not affect which backend is used, so images.example.com is not actually resolved. This is useful to avoid double caching of items available from different URIs. For example, to cache www.example.com and example.com identically, one could use:
set req.http.host = regsub(req.http.host, "^www\.example\.com$", "example.com");
Requests to www.exa...
Documentation
The official documentation contains an install guide, a tutorial and a reference. We're trying to keep the official documentation in sync with the code. Both are kept in the same source repository and both are available online:
- Documentation for the latest release 4.1
- Documentation for the stable release 4.0
- Documentation for version 3.0 (unsupported)
- Documentation for version 2.1 (unsupported)
- Documentation for the current development version (git master)
You also probably want to have a look at the wiki, especially the VCL Examples.
Quick install guides for various operating systems: Ubuntu, Debian, Red Hat Enterprise Linux and CentOS, FreeBSD
The Varnish Book
A comprehensive user guide for System Administrators and Web Developers in book format provided by Varnish Software:
- Online Reference Guide for the current stable release (4.0)
- Online Reference Guide for version ...
IPSEC L2TP VPN on Ubuntu 14.04 with OpenSwan, xl2tpd and ppp
This is a guide on setting up an IPSEC/L2TP VPN server with Ubuntu 14.04 using Openswan as the IPsec server, xl2tpd as the L2TP provider and ppp or local users / PAM for authentication. It has a detailed explanation with every step. We choose the IPSEC/L2TP protocol stack because of recent vulnerabilities found in pptpd VPNs and because it is supported on all major operating systems by default.
Why a VPN?
More than ever, your freedom and privacy when online are under threat. Governments and ISPs want to control what you can and can't see while keeping a record of everything you do, and even the shady-looking guy lurking around your coffee shop or the airport gate can grab your bank details easier than you may think. A self hosted VPN lets you surf the web the way it was intended: anonymously and without oversight.
A VPN (virtual private network) creates a secure, encrypted tunnel through which all of your online data passes back a...
IPSEC L2TP VPN on CentOS 6 / Red Hat Enterprise Linux 6 / Scientific Linux 6
This is a guide on setting up an IPSEC/L2TP VPN on CentOS 6 or Red Hat Enterprise Linux 6 or Scientific Linux 6 using Openswan as the IPsec server, xl2tpd as the L2TP provider and ppp for authentication. We choose the IPSEC/L2TP protocol stack because of recent vulnerabilities found in pptpd VPNs.
IPSec encrypts your IP packets to provide encryption and authentication, so no one can decrypt or forge data between your clients and your server. L2TP provides a tunnel to send data. It does not provide encryption and authentication, though, which is why we need to use it together with IPSec.
Why a VPN?
More than ever, your freedom and privacy when online are under threat. Governments and ISPs want to control what you can and can't see while keeping a record of everything you do, and even the shady-looking guy lurking around your coffee shop or the airport gate can grab your bank details easier than you may think. A self ...
Using StrongSwan for IPSec VPN on CentOS 7
StrongSwan is an open source IPsec-based VPN solution. It supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel. This tutorial will show you how to use strongSwan to set up an IPSec VPN server on CentOS 7.
Install strongSwan
The strongSwan packages are available in the Extra Packages for Enterprise Linux (EPEL) repository. We should enable EPEL first, then install strongSwan.
yum install http://ftp.nluug.nl/pub/os/Linux/distr/fedora-epel/7/x86_64/e/epel-release-7-5.noarch.rpm
yum install strongswan openssl
Generate certificates
Both the VPN client and server need a certificate to identify and authenticate themselves. I have prepared two shell scripts to generate and sign the certificates. First, we download these two scripts into the folder /etc/strongswan/ipsec.d.
cd /etc/strongswan/ipsec.d
wget https://raw.githubusercontent.com/michael-loo/strongswan_config/for_vultr/serv...
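Setting up IPSec IKEv1, IKEv2 and L2TP VPN with Strongswan on CentOS 7, for iOS 9, OS X, Windows and Linux
Among the VPN tunnel protocols PPTP, L2TP, IPSec and SSL VPN (SSTP, OpenVPN), security increases step by step, and interference from the firewall is correspondingly somewhat weaker. Since we now want cross-platform support, and PPTP's traversal ability and security are negligible, we set up an IPsec VPN that supports ikev1/ikev2 and works with iOS, Android, Windows 7+, Mac OS X and Linux. For compatibility with systems older than Windows 7, L2TP/IPSec support is set up as well. For the configuration that supports IKEv2 on iOS 9, go straight to the 2015.12 update at the end.
Installing StrongSwan
Since Openswan is no longer maintained, we choose the more powerful Strongswan. It is a complete implementation of IPsec and IKEv1 for the Linux 2.4 and 2.6 kernels. It also fully supports the new IKEv2 protocol on the Linux 2.6 kernel. StrongSwan releases are included in the EPEL repository, but the package in the CentOS repository is rather old, so we download the package manually from the official site https://www.strongswan.org/download.html; of course, you can also compile directly from source.
wget http://dl.fedoraproject.org/pub/epel/7/x86_64/s/strongswan-5.3.2-1.el7.x86_64.rpm
rpm -ihv strongswan-5.3.2-1.el7.x86_64.rpm
Compiling:
wget http://download.strongswan.org/strongswan.tar.gz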
tar xzf strongswan.tar.gz
cd strongswan-*...
Deploying an L2TP/IPSec VPN service on CentOS 7
First install strongswan and xl2tpd:
yum install strongswan xl2tpd
Remember to enable IP forwarding: edit /etc/sysctl.conf, set net.ipv4.ip_forward to 1, then run sysctl -p to apply it.
Next, edit the /etc/strongswan/ipsec.conf file as follows:
config setup
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
conn l2tp
    keyexchange=ikev1 # IKE version
    left=<external IP>
    leftsubnet=0.0.0.0/0
    leftprotoport=17/1701
    authby=secret
    leftfirewall=no
    right=%any
    rightprotoport=17/%any
    type=transport
    auto=add
Edit the /etc/strongswan/ipsec.secrets file (create it if it does not exist):
# ipsec.secrets - strongSwan IPsec secrets file
: PSK "
"
That completes the IPsec part; next comes L2TP. The [lns default] section of the /etc/xl2tpd/xl2tpd.conf file is as follows:
[lns default]
ip range = 10....
This is a guide on setting up an IPSEC VPN server on CentOS 7 using StrongSwan as the IPsec server and for authentication. It has a detailed explanation with every step. We choose the IPSEC protocol stack because of recent vulnerabilities found in pptpd VPNs and because it is supported on all recent operating systems by default.
Why a VPN?
More than ever, your freedom and privacy when online are under threat. Governments and ISPs want to control what you can and can't see while keeping a record of everything you do, and even the shady-looking guy lurking around your coffee shop or the airport gate can grab your bank details easier than you may think. A self hosted VPN lets you surf the web the way it was intended: anonymously and without oversight.
A VPN (virtual private network) creates a secure, encrypted tunnel through which all of your online data passes back and forth. Any application that requires an internet connection works with this self hosted VPN, including your web browser, e...