Adding Varnish in front of Apache
Authorsupport support Article Reference NumberAA-05026 Views4072 0 Rating/ 2 Voters

Varnish Web Accelerator

What is Varnish?

Varnish is an open source 'Web Accelerator' that can help speed up your website. It has the ability to cache static elements, such as images or javascript. I can also be used for load balancing or web security.

Installing Varnish

Adding varnish is relatively easy to do it is recommended to add the varnish repo as this will ensure that you have the most recent version

curl http://repo.varnish-cache.org/debian/GPG-key.txt | apt-key add -
echo "deb http://repo.varnish-cache.org/debian/ $(lsb_release -s -c) varnish-2.1" >> /etc/apt/sources.list

Update using apt and install varnish

apt-get update
apt-get install varnish

It is now installed it'd time to configure varnish the default varnish port needs to be modified.

vi /etc/default/varnish

Locate the line 'DAEMON_OPTS=' and change :6081 to :80 look for /etc/varnish/default.vcl and change default to something else in the example we will use site.vcl when you are done save the file.

Now we need to create site.vcl under /etc/varnish

vi /etc/varnish/site.vcl

enter the following

## Redirect requests to Apache, running on port 8000 on localhost
backend apache {
        .host = "127.0.0.1";
        .port = "8000";
}
## Fetch
sub vcl_fetch {
        ## Remove the X-Forwarded-For header if it exists.
        remove req.http.X-Forwarded-For;
        
        ## insert the client IP address as X-Forwarded-For. This is the normal IP address of the user.
        set    req.http.X-Forwarded-For = req.http.rlnclientipaddr;
        ## Added security, the "w00tw00t" attacks are pretty annoying so lets block it before it reaches our webserver
        if (req.url ~ "^/w00tw00t") {
                error 403 "Not permitted";
        }
        ## Deliver the content
        return(deliver);
}

## Deliver
sub vcl_deliver {
        ## We'll be hiding some headers added by Varnish. We want to make sure people are not seeing we're using Varnish.
              ## Since we're not caching (yet), why bother telling people we use it?
        remove resp.http.X-Varnish;
        remove resp.http.Via;
        remove resp.http.Age;
        
        ## We'd like to hide the X-Powered-By headers. Nobody has to know we can run PHP and have version xyz of it.
        remove resp.http.X-Powered-By;
}

Configuring Apache for Varnish

Now that varnish is installed and configured, we need to modify the ports of the vhost as well as apache2

vi /etc/apache2/ports.conf

Change

NameVirtualHost *:80
Listen 80

to the following

NameVirtualHost *:8000
Listen 127.0.0.1:8000

Now under each vhost file change

<VirtualHost *:80>

to

<VirtualHost *:8000>

Your vhosts are now configured to run with Varnish. For logging purposes we can install an added component RPAF which will replace the Varnish local ip of 127.0.0.1 to the visitors address

apt-get install libapache2-mod-rpaf

Restarting Daemons and checking your Configuration

At this point Apache and Varnish are configured correct and we would need to restart each service

/etc/init.d/apache2 restart

/etc/init.d/varnish restart

You can check to see if each service is running on the correct ports using netstat

netstat -lp | grep apache2
tcp        0      0 localhost:8000          *:*                     LISTEN      6941/apache2

for Varnish

netstat -lp | grep varnish
tcp        0      0 *:www                   *:*                     LISTEN      21919/varnishd
tcp6       0      0 [::]:www                [::]:*                  LISTEN      21919/varnishd
Comments(0)
There are no comments for this article.
Info Add Comment
Nickname: Email (will not be shown): Subject: Comment:
Quick Jump Menu
Subscribe to updates Subscribe to Updates
Email to a frien Email to a Friend
Print Print Article
Info Vote
Info Ask a Question
Email (will not be shown): Subject: Question: