I recently installed Varnish Cache infront of all of my websites on this server, good news was the websites got a lot faster and the cache was great and offloading the effects of traffic spikes, my testing with apache bench showed some great results, but more on that another day.
So basically my setup is as follows:
There was a problem with this, previously users were hitting the Nginx web server and this was then reverse proxying php connections though to php-fpm. However now a cache was installed this was the users first processing stop, any connections from varnish cache to the Nginx web server were done over the server internals transparent to the user. Basically Nginx was seeing the source address as 127.0.0.1 (Varnish) no matter what the client IP address was.
This IP was playing havoc with some of my applications that monitor DDOS attacks and just general website performance/user statistics, however there was some good news.
Varnish can create the same logs as your web server would normally do, it just needs a bit of configuration, enter the following in your /etc/rc.local file, also run it from command line:
varnishncsa -a -w /var/log/varnish/access.log -D -P /var/run/varnishncsa.pid
This will create a log file in /var/log/varnish/access.log using the same setup as normal.
Not this is an access log, not an error log, more on that another day. You might also want to check out this blog if you want help of setting up stats, however I will be covering my version of that soon.