Recently I posted about Varnish with secure AWS S3 bucket as backend and I wanted to have the “always online” enabled, meaning you can take the backend offline while serving from Varnish cache.
Serving static contents from S3 is common, but using Varnish in front is a bit tricky. Especially if you want to keep the bucket secure and only serve from Varnish, here is a simple Varnish file to solve this problem.
First secure your bucket via IP policy:
{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example.bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"5.6.7.8/32" //varnish ip
]
}
}
},
{
"Sid": "Explicit deny to ensure requests are allowed only from specific referer.",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example.bucket/*",
"Condition": {
"StringNotLike": {
"aws:Referer": [
"https://example.com/*"
]
}
}
}
]
}
– Make sure to check Nginx, PHP posts for information on Nginx and PHP setup and configuration.
Nginx offers two modules, HttpLimitReqModule and HttpLimitZoneModule, to limit simultaneous connections for the assigned session and the number of requests for a given session from one IP address. Basically these modules are built to protect the web server from possible DDos attacks; For example, this configuration limits remote clients to no more than 20 concurrently “open” connections per remote ip address:
http{
limit_conn_zone $binary_remote_addr zone=concurrent:10m;
limit_conn_log_level warn;
limit_conn concurrent 20;
Fix W3 Total Cache W3_Plugin_TotalCache::ob_callback() expected to be a reference
Around a year ago I was playing with W3 Total Cache plugin on HHVM while I got an annoying warning
The funny part is that one of the functions was passing by reference which I still could not find the reason for it, maybe it was a limitation in PHP 4.3. Removing one character “&” fixed the issue so I submitted a pull request to the author although the repository currently does not accept pull request. Later on as PHP 7.0 was released, the issue started to show on PHP as well which brought more attention to this small fix. The users comments included anger such as user @kmob2 who said
this is becoming a running gag
Even more user @pratham2003 proposed a one line bash command to solve the problem
I hope that the developers will finally listen to the users and fix it soon!