cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
89ad05022268a4994878245e55fea207159c86ac
Linux-Server-Management-Too…/modules/performance/nginx-varnish-manager.sh.pre-settings-approach
T
cschantz 89ad050222 Fix critical logic errors in email diagnostics scripts 
CRITICAL FIXES (5 issues):
1. email-diagnostics.sh: Fix inverted sender/recipient extraction logic
   - Lines 292-303: Corrected pattern matching to properly extract recipients and senders
   - Removed inverted grep patterns that were looking for wrong log entry types

2. mail-log-analyzer.sh: Fix string comparison with percent sign
   - Line 1184-1186: Properly extract numeric value before '%' character
   - Use sed to isolate leading digits for numeric comparison

3. email-diagnostics.sh: Fix malformed grep syntax
   - Line 525-527: Corrected grep command structure with -e options
   - Changed to -iE with pipe patterns and proper file argument placement

4. mail-log-analyzer.sh: Fix overly broad domain bounce pattern
   - Line 749: Changed from "^.*${domain}" to "\b${domain}$"
   - Prevents false positives from substring domain matches

5. mail-log-analyzer.sh: Fix undefined TEMP_LOG variable
   - Line 860: Changed TEMP_LOG to MAIL_LOG (the actual global variable)
   - Added error handling with 2>/dev/null

HIGH SEVERITY FIXES (2 issues):
6. mail-log-analyzer.sh: Fix AWK uninitialized variable
   - Lines 1447-1456: Added BEGIN block to initialize print_line = 0
   - Prevents first log entries from being incorrectly filtered

7. mail-log-analyzer.sh: Fix overly permissive bounce detection pattern
   - Line 247: Changed from "(==|defer)" to more specific pattern
   - Prevents false positives from non-bounce defer messages

MODERATE FIXES (3 issues):
8. mail-queue-inspector.sh: Fix queue message count mismatch
   - Line 41: Changed head -40 to head -20 to match label

9. deliverability-test.sh: Fix fragile SMTP connection test
   - Lines 102-106: Added nc availability check and fallback to bash TCP
   - Proper variable quoting and error handling

10. blacklist-check.sh: Replace deprecated host command with dig
    - Line 52: Changed from host to dig +short for consistency and timeout control

All scripts pass syntax validation.
Impact: Logic errors fixed, no security issues introduced, all existing functionality preserved.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-02-07 00:39:07 -05:00

1505 lines
47 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
################################################################################
# Nginx + Varnish + Apache Caching Manager for cPanel
################################################################################
# Purpose: Complete setup and management of Nginx → Varnish → Apache stack
# Architecture: Client → Nginx (80/443) → Varnish (6081) → Apache (81/444)
# Stock Approach: Uses cPanel's ea-nginx + Apache on default ports
# Only modifies Nginx proxy target (81 → 6081)
# Features:
# - Full automated setup with domain testing
# - Revert/rollback functionality
# - Self-healing diagnostics and auto-fix
# - Smart memory allocation based on server resources
# - Configuration health checks
# - Backup/restore of all configurations
# - cPanel hook for auto-recovery after updates
################################################################################
set -eo pipefail
# Path resolution
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
source "$SCRIPT_DIR/lib/common-functions.sh"
source "$SCRIPT_DIR/lib/system-detect.sh"
source "$SCRIPT_DIR/lib/reference-db.sh"
# Root check
if [ "$EUID" -ne 0 ]; then
print_error "This script must be run as root"
exit 1
fi
# Configuration
BACKUP_DIR="/root/nginx-varnish-backups"
VARNISH_VCL="/etc/varnish/default.vcl"
VARNISH_SERVICE="/usr/lib/systemd/system/varnish.service"
VARNISH_PORT="6081" # Varnish default port (stock)
APACHE_HTTP_PORT="81" # ea-nginx stock port (unchanged)
APACHE_HTTPS_PORT="444" # ea-nginx stock SSL port (unchanged)
NGINX_VENDOR_CONF="/etc/nginx/conf.d/includes-optional/cpanel-proxy-vendors/varnish-proxy.conf"
NGINX_CONFIG_SCRIPT="/etc/nginx/ea-nginx/config-scripts/global/varnish-integration.sh"
# Status indicators
STATUS_FILE="/root/.nginx-varnish-status"
HOOK_SCRIPT="/root/nginx-varnish-hook.sh"
HOOK_LOG="/var/log/nginx-varnish-hook.log"
################################################################################
# HELPER FUNCTIONS
################################################################################
# Check if cPanel Nginx is installed
check_nginx_installed() {
if rpm -q ea-nginx >/dev/null 2>&1; then
return 0
else
return 1
fi
}
# Check if Varnish is installed
check_varnish_installed() {
if rpm -q varnish >/dev/null 2>&1; then
return 0
else
return 1
fi
}
# Check if setup is already configured
check_if_configured() {
if [ -f "$STATUS_FILE" ] && grep -q "CONFIGURED=yes" "$STATUS_FILE" 2>/dev/null; then
return 0
else
return 1
fi
}
# Get total system RAM in MB
get_total_ram_mb() {
free -m | awk '/^Mem:/{print $2}'
}
# Calculate recommended Varnish memory
calculate_varnish_memory() {
local total_ram=$(get_total_ram_mb)
local varnish_mem
# Allocate 10-20% of total RAM for Varnish, with sensible limits
if [ "$total_ram" -lt 2048 ]; then
# Less than 2GB RAM - use 256MB
varnish_mem=256
elif [ "$total_ram" -lt 4096 ]; then
# 2-4GB RAM - use 512MB
varnish_mem=512
elif [ "$total_ram" -lt 8192 ]; then
# 4-8GB RAM - use 1GB
varnish_mem=1024
elif [ "$total_ram" -lt 16384 ]; then
# 8-16GB RAM - use 2GB
varnish_mem=2048
else
# 16GB+ RAM - use 4GB
varnish_mem=4096
fi
echo "$varnish_mem"
}
# Create backup with timestamp
create_backup() {
local timestamp=$(date +%Y%m%d_%H%M%S)
local backup_path="$BACKUP_DIR/backup_$timestamp"
# Check disk space before backup
local available_space=$(df /root | tail -1 | awk '{print $4}')
if [ "$available_space" -lt 51200 ]; then
print_error "Insufficient disk space for backup (less than 50MB available)"
return 1
fi
mkdir -p "$backup_path"
# Backup Nginx configs if they exist
if [ -f /etc/nginx/ea-nginx.conf ]; then
cp -a /etc/nginx/ea-nginx.conf "$backup_path/" 2>/dev/null || true
fi
if [ -d /etc/nginx/conf.d ]; then
cp -a /etc/nginx/conf.d "$backup_path/" 2>/dev/null || true
fi
if [ -d /etc/nginx/ea-nginx ]; then
cp -a /etc/nginx/ea-nginx "$backup_path/" 2>/dev/null || true
fi
# Backup Varnish configs if they exist
if [ -f /etc/varnish/default.vcl ]; then
cp -a /etc/varnish/default.vcl "$backup_path/" 2>/dev/null || true
fi
if [ -f /usr/lib/systemd/system/varnish.service ]; then
cp -a /usr/lib/systemd/system/varnish.service "$backup_path/" 2>/dev/null || true
fi
# Backup Apache configs
if [ -f /var/cpanel/cpanel.config ]; then
cp -a /var/cpanel/cpanel.config "$backup_path/" 2>/dev/null || true
fi
echo "$backup_path"
}
# Get list of cPanel domains
get_cpanel_domains() {
local domains=()
# Get domains from cPanel user data
if [ -d /var/cpanel/userdata ]; then
while IFS= read -r domain_file; do
if [[ "$domain_file" =~ \.cache$ ]] || [[ "$domain_file" =~ /cache$ ]] || [[ "$domain_file" =~ /main$ ]]; then
continue
fi
local domain=$(basename "$domain_file")
if [[ "$domain" != "." && "$domain" != ".." && "$domain" =~ \. ]]; then
domains+=("$domain")
fi
done < <(find /var/cpanel/userdata -type f 2>/dev/null | head -20)
fi
printf '%s\n' "${domains[@]}"
}
# Check if cPanel hook is registered
check_hook_registered() {
if [ -f /usr/local/cpanel/bin/manage_hooks ]; then
if /usr/local/cpanel/bin/manage_hooks list 2>/dev/null | grep -q "nginx-varnish-hook.sh"; then
return 0
fi
fi
return 1
}
# Register cPanel hook
register_hook() {
print_banner "Registering cPanel Recovery Hook"
# Ensure hook script exists
if [ ! -f "$HOOK_SCRIPT" ]; then
print_error "Hook script not found at $HOOK_SCRIPT"
return 1
fi
# Check if manage_hooks exists
if [ ! -f /usr/local/cpanel/bin/manage_hooks ]; then
print_warning "manage_hooks command not found - hook registration skipped"
print_info "Manual recovery available via 'Auto-Fix Issues' menu"
return 0
fi
# Check if already registered
if check_hook_registered; then
print_info "Hook already registered"
return 0
fi
# Register the hook
echo "Registering post-update hook..."
if /usr/local/cpanel/bin/manage_hooks add script "$HOOK_SCRIPT" \
--manual --category "VarnishProxy" --event upcp --stage post 2>/dev/null; then
print_success "cPanel hook registered successfully"
print_info "Hook will auto-recover Varnish config after cPanel updates"
return 0
else
print_warning "Failed to register hook - manual recovery will be required"
print_info "Use 'Auto-Fix Issues' menu after cPanel updates"
return 0
fi
}
# Unregister cPanel hook
unregister_hook() {
print_info "Unregistering cPanel recovery hook..."
# Check if manage_hooks exists
if [ ! -f /usr/local/cpanel/bin/manage_hooks ]; then
print_info "manage_hooks not available - no hook to unregister"
return 0
fi
# Check if registered
if ! check_hook_registered; then
print_info "Hook not registered"
return 0
fi
# Unregister the hook using full specification
if /usr/local/cpanel/bin/manage_hooks delete script "$HOOK_SCRIPT" \
--manual --category="VarnishProxy" --event=upcp --stage=post 2>/dev/null; then
print_success "cPanel hook unregistered"
else
print_warning "Failed to unregister hook (may require manual removal)"
fi
return 0
}
# Create ea-nginx config script for automatic recovery
create_eanginx_config_script() {
local config_script="/etc/nginx/ea-nginx/config-scripts/global/config-scripts-global-varnish"
print_info "Creating ea-nginx config script for automatic recovery..."
# Ensure directory exists
mkdir -p /etc/nginx/ea-nginx/config-scripts/global
# Create the config script
cat > "$config_script" <<'EOFSCRIPT'
#!/bin/bash
################################################################################
# ea-nginx Global Config Script: Varnish Proxy Auto-Fix
################################################################################
# Purpose: Automatically re-apply Varnish proxy configuration after ea-nginx
# config regeneration (runs every time ea-nginx config --global runs)
# Location: /etc/nginx/ea-nginx/config-scripts/global/
# Triggered by: ea-nginx config --global, ea-nginx config --all, cPanel updates
################################################################################
NGINX_CONF="/etc/nginx/conf.d/ea-nginx.conf"
STATUS_FILE="/root/.nginx-varnish-status"
LOG_FILE="/var/log/nginx-varnish-hook.log"
# Logging function
log_message() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] [ea-nginx-config-script] $1" >> "$LOG_FILE"
}
log_message "=== ea-nginx Config Script Triggered ==="
# Check if Varnish integration is configured
if [ ! -f "$STATUS_FILE" ] || ! grep -q "CONFIGURED=yes" "$STATUS_FILE" 2>/dev/null; then
log_message "Varnish not configured. Skipping."
exit 0
fi
log_message "Varnish integration detected. Checking Nginx configuration..."
# Check if nginx conf exists
if [ ! -f "$NGINX_CONF" ]; then
log_message "ERROR: Nginx config file not found at $NGINX_CONF"
exit 0
fi
# Check if configuration needs fixing (ea-nginx regenerated it to stock port 81)
if grep -q "^\s*default\s\+81\s*;" "$NGINX_CONF" 2>/dev/null; then
log_message "DETECTED: ea-nginx.conf regenerated with stock port 81. Re-applying Varnish proxy (port 6081)..."
# Re-apply proxy port change to Varnish
if sed -i 's/^\(\s*default\s\+\)81\s*;/\16081;/' "$NGINX_CONF" 2>/dev/null; then
log_message "SUCCESS: Proxy port changed to 6081 (Varnish)"
else
log_message "ERROR: Failed to change proxy port to 6081"
fi
else
log_message "Configuration already correct (points to port 6081). No action needed."
fi
log_message "=== Config Script Completed ==="
exit 0
EOFSCRIPT
chmod +x "$config_script"
if [ -f "$config_script" ] && [ -x "$config_script" ]; then
print_success "ea-nginx config script created successfully"
print_info "Script will auto-fix proxy port after ANY ea-nginx rebuild"
return 0
else
print_error "Failed to create ea-nginx config script"
return 1
fi
}
# Remove ea-nginx config script
remove_eanginx_config_script() {
local config_script="/etc/nginx/ea-nginx/config-scripts/global/config-scripts-global-varnish"
if [ -f "$config_script" ]; then
print_info "Removing ea-nginx config script..."
rm -f "$config_script"
print_success "ea-nginx config script removed"
fi
return 0
}
################################################################################
# INSTALLATION FUNCTIONS
################################################################################
# Install cPanel Nginx
install_cpanel_nginx() {
print_banner "Installing cPanel Nginx"
# Fix hostname resolution for Apache RemoteIPInternalProxy
local server_hostname=$(hostname -f 2>/dev/null || hostname)
if [ -n "$server_hostname" ]; then
if ! grep -q "127.0.0.1.*$server_hostname" /etc/hosts 2>/dev/null; then
echo "Adding hostname to /etc/hosts for Apache configuration..."
echo "127.0.0.1 $server_hostname" >> /etc/hosts
print_info "Added $server_hostname to /etc/hosts"
fi
fi
echo ""
echo "Installing ea-nginx package..."
if yum install -y ea-nginx; then
print_success "ea-nginx installed successfully"
else
print_error "Failed to install ea-nginx"
return 1
fi
echo ""
echo "Rebuilding HTTP configuration..."
if /scripts/rebuildhttpdconf; then
print_success "HTTP configuration rebuilt"
else
print_error "Failed to rebuild HTTP configuration"
return 1
fi
echo ""
echo "Enabling and starting Nginx..."
systemctl enable nginx
systemctl restart nginx
if systemctl is-active --quiet nginx; then
print_success "Nginx is running"
else
print_error "Nginx failed to start"
return 1
fi
return 0
}
# Install Varnish
install_varnish() {
print_banner "Installing Varnish Cache"
echo "Installing Varnish 6.6 from AlmaLinux repositories..."
echo "(Varnish 6.6 with VCL 4.1 support is fully compatible)"
echo ""
if yum install -y varnish; then
local varnish_version=$(varnishd -V 2>&1 | head -1)
print_success "Varnish installed successfully"
echo " Version: $varnish_version"
else
print_error "Failed to install Varnish"
return 1
fi
systemctl enable varnish
return 0
}
# Configure Varnish VCL
configure_varnish_vcl() {
print_banner "Configuring Varnish VCL"
cat > "$VARNISH_VCL" <<'EOFVCL'
vcl 4.1;
# Backend definition - Apache on port 81 (ea-nginx stock port)
backend default {
.host = "127.0.0.1";
.port = "81";
.connect_timeout = 600s;
.first_byte_timeout = 600s;
.between_bytes_timeout = 600s;
}
# Normalize host header (for multi-domain support)
sub vcl_recv {
# Normalize the host header
set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");
# Don't cache admin/login pages for ANY domain
if (req.url ~ "^/wp-admin" ||
req.url ~ "^/wp-login.php" ||
req.url ~ "^/cpanel" ||
req.url ~ "^/webmail" ||
req.url ~ "^/whm" ||
req.url ~ "^/administrator") {
return (pass);
}
# Don't cache POST requests
if (req.method == "POST") {
return (pass);
}
# Don't cache if there's a shopping cart cookie (e-commerce sites)
if (req.http.Cookie ~ "cart" ||
req.http.Cookie ~ "woocommerce" ||
req.http.Cookie ~ "comment_" ||
req.http.Cookie ~ "wordpress_logged_in") {
return (pass);
}
# Don't cache requests with cookies (except static files)
if (req.http.Cookie && req.url !~ "\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm|woff|woff2|ttf|svg|webp|mp4|mp3)$") {
return (pass);
}
# Cache static files - remove cookies
if (req.url ~ "\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm|woff|woff2|ttf|svg|webp|mp4|mp3)$") {
unset req.http.Cookie;
return (hash);
}
# Pass everything else through for now (can optimize later)
return (pass);
}
sub vcl_backend_response {
# Cache static content for 1 hour
if (bereq.url ~ "\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm|woff|woff2|ttf|svg|webp)$") {
set beresp.ttl = 1h;
unset beresp.http.set-cookie;
}
# Cache HTML pages for 5 minutes (adjust as needed)
if (beresp.http.Content-Type ~ "text/html") {
set beresp.ttl = 5m;
}
# Don't cache if backend returns errors
if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) {
set beresp.ttl = 0s;
return (deliver);
}
# Remove cookies from cached content
if (beresp.ttl > 0s) {
unset beresp.http.set-cookie;
}
}
sub vcl_deliver {
# Add header to show if request was cached
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
set resp.http.X-Cache-Hits = obj.hits;
} else {
set resp.http.X-Cache = "MISS";
}
# Add Varnish identifier
set resp.http.X-Served-By = "Varnish";
# Remove backend headers that expose server info (optional security)
unset resp.http.X-Powered-By;
unset resp.http.Server;
}
EOFVCL
# Test VCL configuration
# Note: /tmp is usually mounted with noexec on cPanel servers, so use -n parameter
# to specify a working directory outside /tmp
mkdir -p /var/lib/varnish/test
if varnishd -n /var/lib/varnish/test -C -f "$VARNISH_VCL" >/dev/null 2>&1; then
print_success "VCL configuration is valid"
return 0
else
print_error "VCL configuration is invalid"
return 1
fi
}
# Configure Varnish to listen on port 81
configure_varnish_port() {
local varnish_mem="${1:-256}"
print_banner "Configuring Varnish Port and Memory"
echo "Setting Varnish to listen on port $VARNISH_PORT with ${varnish_mem}m RAM..."
# Create systemd override directory
mkdir -p /etc/systemd/system/varnish.service.d/
# Create override configuration
cat > /etc/systemd/system/varnish.service.d/override.conf <<EOFSERVICE
[Service]
ExecStart=
ExecStart=/usr/sbin/varnishd -a :${VARNISH_PORT} -f /etc/varnish/default.vcl -s malloc,${varnish_mem}m
EOFSERVICE
systemctl daemon-reload
print_success "Varnish configured to use port $VARNISH_PORT with ${varnish_mem}m RAM"
return 0
}
# Configure Nginx to proxy to Varnish
configure_nginx_varnish_proxy() {
print_banner "Configuring Nginx to Proxy to Varnish"
local nginx_conf="/etc/nginx/conf.d/ea-nginx.conf"
# Check if ea-nginx.conf exists
if [ ! -f "$nginx_conf" ]; then
print_error "ea-nginx configuration file not found: $nginx_conf"
return 1
fi
# Modify the CPANEL_APACHE_PROXY_PORT from 81 (Apache) to 6081 (Varnish)
# This is the ONLY modification - Apache stays on stock ports!
echo "Changing Nginx proxy port from 81 (Apache) to 6081 (Varnish)..."
if sed -i 's/^\(\s*default\s\+\)81\s*;/\16081;/' "$nginx_conf" 2>/dev/null; then
# Verify the change was made
if grep -q "default 6081;" "$nginx_conf" 2>/dev/null; then
print_success "Modified ea-nginx.conf to proxy to Varnish (port 6081)"
else
print_warning "Port was already set to 6081 or another value"
fi
else
print_error "Failed to modify ea-nginx.conf"
return 1
fi
# Test Nginx configuration
if nginx -t >/dev/null 2>&1; then
print_success "Nginx configuration is valid"
return 0
else
print_error "Nginx configuration test failed"
nginx -t 2>&1 | tail -5
return 1
fi
}
# Test domain accessibility
test_domain() {
local domain="$1"
local protocol="$2"
local url="${protocol}://${domain}"
local response=$(curl -s -o /dev/null -w "%{http_code}" --max-time 5 "$url" 2>/dev/null || echo "000")
local varnish_header=$(curl -s -I --max-time 5 "$url" 2>/dev/null | grep -i "X-Served-By" | grep -i "Varnish" || true)
if [ "$response" = "200" ] || [ "$response" = "301" ] || [ "$response" = "302" ]; then
if [ -n "$varnish_header" ]; then
echo "$domain ($protocol): $response - Varnish active"
return 0
else
echo "$domain ($protocol): $response - No Varnish header"
return 1
fi
else
echo "$domain ($protocol): $response"
return 1
fi
}
################################################################################
# DIAGNOSTIC FUNCTIONS
################################################################################
# Run comprehensive diagnostics
run_diagnostics() {
print_banner "Nginx + Varnish Health Check"
local issues_found=0
echo "Checking service status..."
echo ""
# Check Nginx
if systemctl is-active --quiet nginx; then
print_success "Nginx is running"
else
print_error "Nginx is not running"
issues_found=$((issues_found + 1))
fi
# Check Varnish
if systemctl is-active --quiet varnish; then
print_success "Varnish is running"
else
print_error "Varnish is not running"
issues_found=$((issues_found + 1))
fi
# Check Apache
if systemctl is-active --quiet httpd; then
print_success "Apache is running"
else
print_error "Apache is not running"
issues_found=$((issues_found + 1))
fi
echo ""
echo "Checking port configuration..."
echo ""
# Check ports
if netstat -tlnp 2>/dev/null | grep -q ":80.*nginx"; then
print_success "Nginx listening on port 80"
else
print_error "Nginx not listening on port 80"
issues_found=$((issues_found + 1))
fi
if netstat -tlnp 2>/dev/null | grep -q ":443.*nginx"; then
print_success "Nginx listening on port 443"
else
print_error "Nginx not listening on port 443"
issues_found=$((issues_found + 1))
fi
if netstat -tlnp 2>/dev/null | grep -q ":${VARNISH_PORT}.*varnish"; then
print_success "Varnish listening on port $VARNISH_PORT"
else
print_error "Varnish not listening on port $VARNISH_PORT"
issues_found=$((issues_found + 1))
fi
if netstat -tlnp 2>/dev/null | grep -q ":${APACHE_HTTP_PORT}.*httpd"; then
print_success "Apache listening on port $APACHE_HTTP_PORT"
else
print_error "Apache not listening on port $APACHE_HTTP_PORT"
issues_found=$((issues_found + 1))
fi
echo ""
echo "Checking configuration files..."
echo ""
# Check VCL
if [ -f "$VARNISH_VCL" ]; then
if varnishd -C -f "$VARNISH_VCL" >/dev/null 2>&1; then
print_success "Varnish VCL is valid"
else
print_error "Varnish VCL has syntax errors"
issues_found=$((issues_found + 1))
fi
else
print_error "Varnish VCL file not found"
issues_found=$((issues_found + 1))
fi
# Check Nginx config
if nginx -t 2>&1 | grep -q "successful"; then
print_success "Nginx configuration is valid"
else
print_error "Nginx configuration has errors"
issues_found=$((issues_found + 1))
fi
# Check Varnish proxy config
if [ -f "$NGINX_VENDOR_CONF" ]; then
if grep -q "proxy_pass.*:${VARNISH_PORT}" "$NGINX_VENDOR_CONF"; then
print_success "Nginx is configured to proxy to Varnish"
else
print_error "Nginx proxy configuration incorrect"
issues_found=$((issues_found + 1))
fi
else
print_error "Nginx Varnish proxy config not found"
issues_found=$((issues_found + 1))
fi
echo ""
echo "Checking Varnish backend health..."
echo ""
if command -v varnishadm >/dev/null 2>&1; then
if varnishadm backend.list 2>/dev/null | grep -q "Healthy"; then
print_success "Varnish backend is healthy"
else
print_warning "Varnish backend may not be healthy"
issues_found=$((issues_found + 1))
fi
fi
echo ""
echo "Checking auto-recovery hook status..."
echo ""
if check_hook_registered; then
print_success "cPanel auto-recovery hook is registered"
print_info " Config will auto-fix after cPanel updates"
if [ -f "$HOOK_LOG" ]; then
local last_run=$(tail -1 "$HOOK_LOG" 2>/dev/null | grep -oP '\[\K[0-9: -]+' || echo "never")
print_info " Last hook execution: $last_run"
fi
else
print_warning "Auto-recovery hook not registered"
print_info " Manual recovery required after cPanel updates"
print_info " Use 'Auto-Fix Issues' menu after updates"
fi
echo ""
echo "════════════════════════════════════════════════════════════"
if [ "$issues_found" -eq 0 ]; then
print_success "All checks passed! Configuration is healthy."
return 0
else
print_warning "Found $issues_found issue(s) that may need attention"
return 1
fi
}
# Auto-fix common issues
auto_fix_issues() {
print_banner "Self-Healing: Auto-Fixing Common Issues"
local fixes_applied=0
echo "Checking for common issues and applying fixes..."
echo ""
# Fix 1: Restart services if not running
if ! systemctl is-active --quiet varnish; then
echo "Fixing: Varnish is not running..."
if systemctl restart varnish; then
print_success "Restarted Varnish"
fixes_applied=$((fixes_applied + 1))
else
print_error "Failed to restart Varnish"
fi
fi
if ! systemctl is-active --quiet nginx; then
echo "Fixing: Nginx is not running..."
if systemctl restart nginx; then
print_success "Restarted Nginx"
fixes_applied=$((fixes_applied + 1))
else
print_error "Failed to restart Nginx"
fi
fi
# Fix 2: Recreate Varnish proxy config if missing or incorrect
if [ ! -f "$NGINX_VENDOR_CONF" ] || ! grep -q "proxy_pass.*:${VARNISH_PORT}" "$NGINX_VENDOR_CONF"; then
echo "Fixing: Nginx Varnish proxy configuration..."
if configure_nginx_varnish_proxy; then
systemctl reload nginx
fixes_applied=$((fixes_applied + 1))
fi
fi
# Fix 3: Reload systemd if Varnish service override exists but daemon not reloaded
if [ -f /etc/systemd/system/varnish.service.d/override.conf ]; then
systemctl daemon-reload
print_success "Reloaded systemd configuration"
fixes_applied=$((fixes_applied + 1))
fi
# Fix 4: Rebuild HTTP conf if Nginx config is broken
if ! nginx -t >/dev/null 2>&1; then
echo "Fixing: Nginx configuration errors..."
if /scripts/rebuildhttpdconf && configure_nginx_varnish_proxy; then
systemctl reload nginx
print_success "Rebuilt Nginx configuration"
fixes_applied=$((fixes_applied + 1))
fi
fi
# Fix 5: Check if ea-nginx.conf points to stock port (81) instead of Varnish (6081)
if [ -f /etc/nginx/conf.d/ea-nginx.conf ]; then
if grep -q "default 81;" /etc/nginx/conf.d/ea-nginx.conf 2>/dev/null; then
echo "Fixing: Nginx proxy points to port 81 (stock Apache) instead of Varnish (6081)..."
if sed -i 's/^\(\s*default\s\+\)81\s*;/\16081;/' /etc/nginx/conf.d/ea-nginx.conf; then
systemctl reload nginx
print_success "Fixed proxy port to point to Varnish (6081)"
print_info "This was likely overwritten by cPanel update"
fixes_applied=$((fixes_applied + 1))
else
print_error "Failed to fix proxy port"
fi
fi
fi
# Fix 6: Re-register hook if missing
if ! check_hook_registered && [ -f "$HOOK_SCRIPT" ]; then
echo "Fixing: cPanel recovery hook not registered..."
if register_hook >/dev/null 2>&1; then
print_success "Re-registered auto-recovery hook"
fixes_applied=$((fixes_applied + 1))
fi
fi
echo ""
if [ "$fixes_applied" -gt 0 ]; then
print_success "Applied $fixes_applied fix(es)"
else
print_info "No fixes needed"
fi
return 0
}
################################################################################
# MAIN SETUP FUNCTION
################################################################################
full_setup() {
print_banner "Complete Nginx + Varnish Setup"
echo "This will set up the complete caching stack:"
echo ""
echo " Client → Nginx (80/443) → Varnish (6081) → Apache (81/444)"
echo ""
echo "⚠ WARNING: This setup is NOT officially supported by cPanel"
echo "⚠ cPanel updates may overwrite some configurations"
echo ""
read -p "Continue with installation? (yes/no): " confirm
if [ "$confirm" != "yes" ]; then
echo "Installation cancelled."
press_enter
return 0
fi
# Create backup first
echo ""
print_info "Creating backup of current configuration..."
local backup_path=$(create_backup)
print_success "Backup created at: $backup_path"
# Calculate recommended Varnish memory
local total_ram=$(get_total_ram_mb)
local recommended_mem=$(calculate_varnish_memory)
echo ""
echo "Server RAM: ${total_ram}MB"
echo "Recommended Varnish memory: ${recommended_mem}MB"
echo ""
# Step 1: Install cPanel Nginx if not already installed
if ! check_nginx_installed; then
echo ""
print_info "Step 1/5: Installing cPanel Nginx..."
if ! install_cpanel_nginx; then
print_error "Setup failed at Step 1"
press_enter
return 1
fi
else
print_success "Step 1/5: cPanel Nginx already installed"
fi
# Step 2: Install Varnish
if ! check_varnish_installed; then
echo ""
print_info "Step 2/5: Installing Varnish..."
if ! install_varnish; then
print_error "Setup failed at Step 2"
press_enter
return 1
fi
else
print_success "Step 2/5: Varnish already installed"
fi
# Step 3: Configure Varnish
echo ""
print_info "Step 3/5: Configuring Varnish..."
if ! configure_varnish_vcl; then
print_error "Setup failed at Step 3"
press_enter
return 1
fi
if ! configure_varnish_port "$recommended_mem"; then
print_error "Setup failed at Step 3"
press_enter
return 1
fi
# Step 4: Configure Nginx to proxy to Varnish
# Apache stays on stock ea-nginx ports (81/444) - NO changes needed!
echo ""
print_info "Step 4/5: Configuring Nginx to proxy to Varnish..."
if ! configure_nginx_varnish_proxy; then
print_error "Setup failed at Step 4"
press_enter
return 1
fi
# Step 5: Start services
echo ""
print_info "Step 5/5: Starting services..."
systemctl restart varnish
if systemctl is-active --quiet varnish; then
print_success "Varnish started successfully"
else
print_error "Failed to start Varnish"
press_enter
return 1
fi
systemctl restart nginx
if systemctl is-active --quiet nginx; then
print_success "Nginx restarted successfully"
else
print_error "Failed to restart Nginx"
press_enter
return 1
fi
# Register cPanel recovery hook
echo ""
print_info "Registering auto-recovery hooks..."
register_hook
create_eanginx_config_script
# Mark as configured
cat > "$STATUS_FILE" <<EOFSTATUS
CONFIGURED=yes
INSTALL_DATE=$(date +%Y-%m-%d)
VARNISH_MEMORY=${recommended_mem}m
BACKUP_PATH=$backup_path
EOFSTATUS
echo ""
print_success "═══════════════════════════════════════════════════════"
print_success "Setup completed successfully!"
print_success "═══════════════════════════════════════════════════════"
# Run diagnostics
echo ""
run_diagnostics
# Test domains
echo ""
print_info "Testing domain accessibility..."
echo ""
local test_domains=$(get_cpanel_domains | head -5)
if [ -n "$test_domains" ]; then
while IFS= read -r domain; do
test_domain "$domain" "http" || true
test_domain "$domain" "https" || true
done <<< "$test_domains"
else
print_warning "No domains found to test"
fi
echo ""
print_info "═══════════════════════════════════════════════════════"
print_info "Configuration Persistence:"
echo ""
print_success "✓ ea-nginx config script installed"
print_info " Auto-fixes proxy port after ANY ea-nginx rebuild"
echo ""
if check_hook_registered; then
print_success "✓ cPanel hook registered (upcp event)"
print_info " Additional recovery after cPanel updates"
else
print_warning "⚠ cPanel hook registration failed or not available"
print_info " ea-nginx config script will still provide auto-recovery"
fi
echo ""
print_info "Both recovery mechanisms log to: /var/log/nginx-varnish-hook.log"
print_info "Backup location: $backup_path"
print_info "Use 'Revert Setup' option to fully remove Varnish integration"
echo ""
print_warning "⚠ IMPORTANT: This setup is NOT officially supported by cPanel"
print_warning " Configuration auto-recovers, but run 'Health Check' to verify"
print_info "═══════════════════════════════════════════════════════"
press_enter
}
################################################################################
# REVERT FUNCTION
################################################################################
revert_setup() {
print_banner "Revert Nginx + Varnish Setup"
if ! check_if_configured; then
print_warning "No active Nginx + Varnish configuration found"
press_enter
return 0
fi
echo "This will:"
echo " 1. Stop and disable Varnish"
echo " 2. Remove Varnish proxy configuration from Nginx"
echo " 3. Nginx will proxy directly to Apache again"
echo " 4. Optionally remove Varnish package"
echo ""
read -p "Continue with revert? (yes/no): " confirm
if [ "$confirm" != "yes" ]; then
echo "Revert cancelled."
press_enter
return 0
fi
# Create backup before reverting
echo ""
print_info "Creating backup before revert..."
local backup_path=$(create_backup)
print_success "Backup created at: $backup_path"
# Stop Varnish
echo ""
print_info "Stopping Varnish..."
systemctl stop varnish || true
systemctl disable varnish || true
# Restore Nginx proxy to point back to Apache (port 6081 → 81)
# Apache was never modified, so just restore the proxy setting!
echo ""
print_info "Restoring Nginx to proxy directly to Apache (port 81)..."
local nginx_conf="/etc/nginx/conf.d/ea-nginx.conf"
if [ -f "$nginx_conf" ]; then
sed -i 's/^\(\s*default\s\+\)6081\s*;/\181;/' "$nginx_conf" 2>/dev/null || true
print_success "Nginx proxy restored to Apache (port 81)"
fi
# Reload Nginx
print_info "Reloading Nginx..."
systemctl reload nginx
# Unregister cPanel hook and ea-nginx config script
echo ""
unregister_hook
remove_eanginx_config_script
# Remove status file
rm -f "$STATUS_FILE"
echo ""
print_success "Revert completed successfully"
echo ""
read -p "Do you want to uninstall Varnish package? (yes/no): " remove_varnish
if [ "$remove_varnish" = "yes" ]; then
print_info "Removing Varnish package..."
yum remove -y varnish || true
print_success "Varnish package removed"
fi
echo ""
print_info "Nginx is now proxying directly to Apache"
press_enter
}
################################################################################
# MEMORY ADJUSTMENT FUNCTIONS
################################################################################
adjust_varnish_memory() {
print_banner "Adjust Varnish Memory Allocation"
if ! check_varnish_installed; then
print_error "Varnish is not installed"
press_enter
return 1
fi
local total_ram=$(get_total_ram_mb)
local current_mem=$(grep "ExecStart.*malloc" /etc/systemd/system/varnish.service.d/override.conf 2>/dev/null | grep -oP 'malloc,\K[0-9]+' || echo "unknown")
echo "Server total RAM: ${total_ram}MB"
echo "Current Varnish memory: ${current_mem}MB"
echo ""
echo "Select memory allocation:"
echo ""
echo " 1) 256MB - For servers with <2GB RAM"
echo " 2) 512MB - For servers with 2-4GB RAM"
echo " 3) 1GB - For servers with 4-8GB RAM"
echo " 4) 2GB - For servers with 8-16GB RAM"
echo " 5) 4GB - For servers with 16GB+ RAM"
echo " 6) Custom amount"
echo " 7) Auto-calculate based on current RAM usage"
echo " 0) Cancel"
echo ""
read -p "Select option: " mem_choice
local new_mem=""
case $mem_choice in
1) new_mem=256 ;;
2) new_mem=512 ;;
3) new_mem=1024 ;;
4) new_mem=2048 ;;
5) new_mem=4096 ;;
6)
echo ""
read -p "Enter custom memory in MB (or 0 to cancel): " custom_mem
if [ "$custom_mem" = "0" ] || [ -z "$custom_mem" ]; then
echo "Cancelled."
press_enter
return 0
fi
new_mem="$custom_mem"
;;
7)
new_mem=$(calculate_varnish_memory)
echo ""
print_info "Auto-calculated memory: ${new_mem}MB"
;;
0)
echo "Cancelled."
press_enter
return 0
;;
*)
print_error "Invalid option"
press_enter
return 1
;;
esac
if [ -z "$new_mem" ]; then
print_error "Invalid memory value"
press_enter
return 1
fi
echo ""
print_info "Setting Varnish memory to ${new_mem}MB..."
configure_varnish_port "$new_mem"
echo ""
print_info "Restarting Varnish..."
if systemctl restart varnish; then
print_success "Varnish memory updated to ${new_mem}MB"
# Update status file
if [ -f "$STATUS_FILE" ]; then
sed -i "s/VARNISH_MEMORY=.*/VARNISH_MEMORY=${new_mem}m/" "$STATUS_FILE"
fi
else
print_error "Failed to restart Varnish"
fi
press_enter
}
################################################################################
# CACHE MANAGEMENT FUNCTIONS
################################################################################
manage_varnish_cache() {
print_banner "Varnish Cache Management"
if ! systemctl is-active --quiet varnish; then
print_error "Varnish is not running"
press_enter
return 1
fi
echo " 1) Clear all cache"
echo " 2) Clear cache for specific domain"
echo " 3) View cache statistics"
echo " 4) View cache hit ratio"
echo " 0) Cancel"
echo ""
read -p "Select option: " cache_choice
case $cache_choice in
1)
echo ""
print_info "Clearing all Varnish cache..."
if varnishadm "ban req.url ~ /" 2>/dev/null; then
print_success "Cache cleared successfully"
else
print_error "Failed to clear cache"
fi
;;
2)
echo ""
read -p "Enter domain name (or 0 to cancel): " domain
if [ "$domain" = "0" ] || [ -z "$domain" ]; then
echo "Cancelled."
else
print_info "Clearing cache for $domain..."
if varnishadm "ban req.http.host == $domain" 2>/dev/null; then
print_success "Cache cleared for $domain"
else
print_error "Failed to clear cache"
fi
fi
;;
3)
echo ""
print_info "Varnish cache statistics (press 'q' to quit):"
echo ""
varnishstat || print_error "Failed to get statistics"
;;
4)
echo ""
print_info "Cache hit ratio:"
echo ""
varnishstat -1 | grep -E 'cache_hit|cache_miss' || print_error "Failed to get statistics"
;;
0)
return 0
;;
*)
print_error "Invalid option"
;;
esac
press_enter
}
################################################################################
# BACKUP/RESTORE FUNCTIONS
################################################################################
manage_backups() {
print_banner "Backup & Restore Management"
echo " 1) Create new backup"
echo " 2) List available backups"
echo " 3) Restore from backup"
echo " 0) Cancel"
echo ""
read -p "Select option: " backup_choice
case $backup_choice in
1)
echo ""
print_info "Creating backup..."
local backup_path=$(create_backup)
print_success "Backup created at: $backup_path"
;;
2)
echo ""
if [ -d "$BACKUP_DIR" ] && [ "$(ls -A $BACKUP_DIR 2>/dev/null)" ]; then
echo "Available backups:"
echo ""
ls -lh "$BACKUP_DIR" | grep "^d" | awk '{print $9, "("$6, $7, $8")"}'
else
print_info "No backups found"
fi
;;
3)
echo ""
if [ ! -d "$BACKUP_DIR" ] || [ ! "$(ls -A $BACKUP_DIR 2>/dev/null)" ]; then
print_error "No backups available"
press_enter
return 1
fi
echo "Available backups:"
echo ""
local backups=($(ls -d "$BACKUP_DIR"/backup_* 2>/dev/null | sort -r))
local count=1
for backup in "${backups[@]}"; do
echo " $count) $(basename "$backup")"
count=$((count + 1))
done
echo " 0) Cancel"
echo ""
read -p "Select backup to restore: " restore_choice
if [ "$restore_choice" = "0" ]; then
echo "Cancelled."
elif [ "$restore_choice" -ge 1 ] && [ "$restore_choice" -lt "$count" ]; then
local selected_backup="${backups[$((restore_choice - 1))]}"
echo ""
print_warning "This will restore configuration from: $(basename "$selected_backup")"
read -p "Continue? (yes/no): " confirm
if [ "$confirm" = "yes" ]; then
print_info "Restoring backup..."
# Check disk space before restore
local available_space=$(df /etc | tail -1 | awk '{print $4}')
if [ "$available_space" -lt 10240 ]; then
print_error "Insufficient disk space (less than 10MB available)"
press_enter
return 1
fi
# Restore files
[ -f "$selected_backup/ea-nginx.conf" ] && cp -f "$selected_backup/ea-nginx.conf" /etc/nginx/
[ -d "$selected_backup/conf.d" ] && cp -rf "$selected_backup/conf.d/"* /etc/nginx/conf.d/
[ -f "$selected_backup/default.vcl" ] && cp -f "$selected_backup/default.vcl" /etc/varnish/
# Reload services
systemctl daemon-reload
systemctl reload nginx || true
systemctl restart varnish || true
print_success "Backup restored successfully"
else
echo "Restore cancelled."
fi
else
print_error "Invalid selection"
fi
;;
0)
return 0
;;
*)
print_error "Invalid option"
;;
esac
press_enter
}
################################################################################
# VIEW LOGS FUNCTION
################################################################################
view_logs() {
print_banner "View Service Logs"
echo " 1) Varnish logs (live)"
echo " 2) Nginx error log (tail)"
echo " 3) Nginx access log (tail)"
echo " 4) Apache error log (tail)"
echo " 0) Cancel"
echo ""
read -p "Select option: " log_choice
case $log_choice in
1)
echo ""
print_info "Viewing Varnish logs (press Ctrl+C to exit)..."
echo ""
varnishlog || print_error "Failed to view logs"
;;
2)
echo ""
print_info "Viewing Nginx error log (press Ctrl+C to exit)..."
echo ""
tail -f /var/log/nginx/error.log || print_error "Failed to view logs"
;;
3)
echo ""
print_info "Viewing Nginx access log (press Ctrl+C to exit)..."
echo ""
tail -f /var/log/nginx/access.log || print_error "Failed to view logs"
;;
4)
echo ""
print_info "Viewing Apache error log (press Ctrl+C to exit)..."
echo ""
tail -f /usr/local/apache/logs/error_log || print_error "Failed to view logs"
;;
0)
return 0
;;
*)
print_error "Invalid option"
;;
esac
press_enter
}
################################################################################
# MAIN MENU
################################################################################
show_varnish_menu() {
clear
print_banner "Nginx + Varnish Caching Manager"
# Show current status
if check_if_configured; then
echo -e "${GREEN}✓ Status: Configured and Active${NC}"
if [ -f "$STATUS_FILE" ]; then
local install_date=$(grep "INSTALL_DATE" "$STATUS_FILE" | cut -d= -f2)
local varnish_mem=$(grep "VARNISH_MEMORY" "$STATUS_FILE" | cut -d= -f2)
echo " Installed: $install_date"
echo " Varnish Memory: $varnish_mem"
fi
else
echo -e "${YELLOW}○ Status: Not Configured${NC}"
fi
echo ""
echo -e "${BOLD}Setup & Installation:${NC}"
echo ""
echo " 1) Full Setup - Install and configure complete stack"
echo " 2) Revert Setup - Remove Varnish integration"
echo ""
echo -e "${BOLD}Diagnostics & Maintenance:${NC}"
echo ""
echo " 3) Run Health Check - Diagnose configuration issues"
echo " 4) Auto-Fix Issues - Self-healing diagnostics"
echo " 5) Test Domains - Check domain accessibility and caching"
echo ""
echo -e "${BOLD}Optimization:${NC}"
echo ""
echo " 6) Adjust Varnish Memory - Change RAM allocation"
echo " 7) Manage Varnish Cache - Clear cache, view stats"
echo ""
echo -e "${BOLD}Advanced:${NC}"
echo ""
echo " 8) Backup & Restore - Manage configuration backups"
echo " 9) View Logs - Service logs and monitoring"
echo ""
echo " 0) Return to Performance Menu"
echo ""
echo "═══════════════════════════════════════════════════════════"
echo -n "Select option: "
}
# Main loop
run_varnish_manager() {
while true; do
show_varnish_menu
read -r choice
case $choice in
1) full_setup ;;
2) revert_setup ;;
3) run_diagnostics; press_enter ;;
4) auto_fix_issues; press_enter ;;
5)
print_banner "Testing Domains"
echo ""
local test_domains=$(get_cpanel_domains | head -10)
if [ -n "$test_domains" ]; then
while IFS= read -r domain; do
test_domain "$domain" "http" || true
test_domain "$domain" "https" || true
done <<< "$test_domains"
else
print_warning "No domains found to test"
fi
press_enter
;;
6) adjust_varnish_memory ;;
7) manage_varnish_cache ;;
8) manage_backups ;;
9) view_logs ;;
0)
clear
exit 0
;;
*)
echo ""
print_error "Invalid option"
sleep 1
;;
esac
done
}
# Run main menu
run_varnish_manager
Reference in New Issue View Git Blame Copy Permalink