Make Your Own CDN with NetBSD
The article outlines setting up a self-hosted CDN using NetBSD, Varnish, and nginx, detailing installation, SSL management, configuration, and benefits like control, device compatibility, and geo-replication options.
This article provides a comprehensive guide on setting up a self-hosted Content Delivery Network (CDN) using NetBSD, a lightweight and secure operating system. It emphasizes NetBSD's compatibility with various hardware, including older devices, making it suitable for a caching reverse proxy. The installation process involves enabling binary package management and using the pkgin tool to install necessary packages like Varnish and nginx. Two methods for SSL certificate management are discussed: using acme.sh, which is recommended for its simplicity, and compiling the lego tool manually. The article details the configuration of Varnish and nginx, including creating a VCL configuration file for Varnish and modifying the nginx configuration to set up a reverse proxy. Finally, it outlines the steps to start both services, ensuring they are ready to handle incoming connections. The conclusion highlights the benefits of this setup, including control over the CDN and the ability to run on various devices, while also suggesting options for geo-replication and resilience through DNS management.
- The guide focuses on creating a self-hosted CDN using NetBSD, Varnish, and nginx.
- It provides two methods for SSL certificate management: acme.sh and lego.
- Configuration steps for Varnish and nginx are detailed, including VCL file creation.
- The setup is suitable for a variety of hardware, including older devices.
- The article suggests options for enhancing resilience and geo-replication.
Related
The FreeBSD-native-ish home lab and network
The author details a complex home lab setup with a FreeBSD server on a laptop, utilizing Jails for services like WordPress and emphasizing security measures and network configurations for efficiency and functionality.
Evolving the BSD Cafe Network Setup: From Bridging to Routing with FreeBSD
The article outlines the evolution of a FreeBSD network setup from a simple VPS to a complex multi-node network, emphasizing improved security, performance, and adaptability through advanced configurations and routing techniques.
Public JavaScript CDNs are useless and dangerous
Reliance on public CDNs is problematic due to security, privacy, and reliability issues. Self-hosting dependencies and private caching CDNs are recommended to enhance control and performance while mitigating risks.
Server Setup Basics for Self Hosting
The article outlines a guide for setting up a secure server for self-hosting applications, emphasizing SSH security, user management, log management, regular backups, network safety, and recommending NGINX as a web server.
Set Up a $4/Mo Hetzner VM to Skip the Serverless Tax
The article outlines a beginner-friendly guide to setting up a Hetzner virtual machine for $4/month, covering SSL installation, DNS configuration, and web application deployment using GitHub and PM2.
Having 1 server with some static file storage is called a web server.
One example of where it made the difference was where we had two commercial systems, let's call them System A and System B. System A was acting as front end for System B, but System A was making so many API calls to System B it was grinding it to a halt. System B's responses would only change when System A made a call to a few specific APIs - so we put Varnish between System A and System B caching the common API responses. We also set it up so that when a request was made to the handful of APIs that would change the other APIs for an account, we'd invalidate all the cache entries for that one specific account. Once System A was talking to the Varnish cache the performance of both systems drastically improved.
- You don't really need to repeat built-in VCLs in default.vcl. In the article, you can omit `vcl_hit`, `vcl_miss`, `vcl_purge`, `vcl_synth`, `vcl_hash`, etc. If you want to modify the behavior of built-in VCL, e.g. adding extra logs in vcl_purge, then just have `std.log` line and don't `return` (it will fall through to the built-in VCL). You can read more about built-in VCL on Varnish Developer Portal[1] and Varnish Cache documentation[2].
- Related to the above built-in VCL comment: `vcl_recv` currently lacks all the guards provided by Varnish default VCL, so it's recommended to skip the `return (hash)` line at the end, so the built-in VCL can handle invalid requests and skip caching if Cookie or Authorization header is present. You may also want to use vmod_cookie[3] to keep only cookies you care about.
- Since Varnish is sitting behind another reverse proxy, it makes more sense to enable PROXY protocol, so client IPs are passed to Varnish as part of Proxy Protocol rather than X-Forwarded-For (so `client.ip`, etc. works). This means using `-a /var/run/varnish.sock,user=nginx,group=varnish,mode=660,PROXY`, and configuring `proxy_protocol on;` in Nginx.
[1]: https://www.varnish-software.com/developers/tutorials/varnis...
[2]: https://varnish-cache.org/docs/7.4/users-guide/vcl-built-in-...
[3]: https://varnish-cache.org/docs/trunk/reference/vmod_cookie.h...
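The suggestions in the comment above, combined into one `default.vcl`; this is an added example, not code from the article or from the commenter. The backend address, the `sessionid` cookie name and the `purgers` ACL are constructed placeholders, and it assumes the installed Varnish ships the in-tree `cookie` vmod and listens with the `PROXY` option quoted in the comment.

```vcl
vcl 4.1;

import std;
import cookie;   # assumption: in-tree vmod_cookie is available in the installed package

# Placeholder origin (constructed address, not taken from the article).
backend origin {
    .host = "192.0.2.10";
    .port = "80";
}

# Hosts allowed to send PURGE (constructed list). With PROXY protocol on the
# listener, client.ip is the real client address, so this check is meaningful.
acl purgers {
    "127.0.0.1";
    "::1";
}

sub vcl_recv {
    # PURGE is not handled by the built-in vcl_recv, so gate it explicitly.
    if (req.method == "PURGE") {
        if (client.ip !~ purgers) {
            return (synth(405, "Not allowed"));
        }
        return (purge);
    }

    # Keep only the cookie the application needs; drop everything else.
    if (req.http.Cookie) {
        cookie.parse(req.http.Cookie);
        cookie.keep("sessionid");
        set req.http.Cookie = cookie.get_string();
        if (req.http.Cookie == "") {
            unset req.http.Cookie;
        }
    }

    # No return here: the built-in vcl_recv runs next and applies its guards
    # (requests with a remaining Cookie or an Authorization header are not cached).
}

sub vcl_purge {
    # Log only, no return: falls through to the built-in vcl_purge.
    std.log("purge: " + req.http.host + req.url);
}
```

Subroutines such as `vcl_hit`, `vcl_miss`, `vcl_hash` and `vcl_synth` are left out on purpose, so the built-in versions apply unchanged.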
https://it-notes.dragas.net/2024/08/26/building-a-self-hoste...
Varnish is not better in any shape or form than nginx for static content. Varnish has one single use case, PHP sites. For everything else it will just add a layer of complexity that gives no gains. And since Varnish is essentially built on Apache there are some issues with how it handles connections above about 50k/sec, where it gets complicated to configure, something that nginx does not have.