Here is how to configure Varnish Cache for a HTTPS website, running on Ubuntu 14.04 on HP Cloud. Use a dev server to get used with Varnish. Varnish Cache is notorious for throwing Guru Meditation Error. As basically it is difficult to configure Varnish Cache for HTTPS for the new users, we are writing a separate guide. We frankly do not recommend to use Varnish with HTTPS because it will not give much advantage.
Needed Setup to Configure Varnish Cache (HP Cloud Specific)
We are taking it granted that the reader has sufficient working knowledge on HP Cloud Specific areas like running an instance on HP Cloud and works like installing WordPress with Nginx or Apache2 web server software.
This guide is HP Cloud specific. We will assume that the reader is using either GNU/Linux or OS X. windozzz users has PuTTY.
---
Steps to Configure Varnish Cache (HP Cloud Specific)
Varnish is configured to listen on port 6081 by default and expects that the web server is on the same server & listening to port 8080. The diagram will become like this :
The image is drawn trickily. Those are fools like me, can install everything on one server & those who are very clever like me (double role lol) can use a separate database server and other separate-separate stuffs.
These steps installs Varnish :
1 2 3 4 5 6 | sudo apt-get install apt-transport-https curl https://repo.varnish-cache.org/ubuntu/GPG-key.txt | sudo apt-key add - sudo sh -c 'echo "deb https://repo.varnish-cache.org/ubuntu/ trusty varnish-4.0" >> /etc/apt/sources.list.d/varnish-cache.list' # see here on browser - https://repo.varnish-cache.org/ubuntu/dists/ # sudo apt-get update sudo apt-get install varnish |
We have already Nginx installed and configuration is somewhat like this :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | server { listen 443 ssl; server_name thecustomizewindows.com; ssl_certificate /etc/nginx/ssl/thecustomizewindows/nginx.crt; ssl_certificate_key /etc/nginx/ssl/thecustomizewindows/nginx.key; location / { proxy_pass http://10.0.0.19:80; # proxy_pass http://127.0.0.1:80; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Port 443; proxy_set_header Host $host; } } |
So, Nginx is handling 443 stuffs, right? You need to edit two files. One is :
1 | nano vi /etc/varnish/default.vcl |
Things should look like these :
1 2 3 4 5 6 7 8 9 10 | backend default { .host = "10.0.0.19"; .port = "80"; } .... sub vcl_backend_response { set beresp.ttl = 10s; set beresp.grace = 1h; } |
10.0.0.19 is our instance’s subnet and set from hosts file.
Other file is /etc/default/varnish it should look like this :
1 | DAEMON_OPTS="-a :80 \ |
Restart both services :
1 | service varnish restart && service nginx restart |
As you can see – Varnish will never give any advantage if the site is HSTS like that of us. We would tell you the same thing like Rahul Bansal (RTCamp) – “Varnish + Nginx does not worth the effort”. We use XCache for WordPress and it frankly pushes the site faster, then Akamai Caches. Our less optimized part is SSL negotiation part. Why we avoid it is a separate story.
Tagged With paperuri:(521168c921eb25acf44b83664b4031a9) , php remote_addr ubuntu varnish