Running Varnish demands experience and a close eye on your server. For that reason, test this guide on a non-production, non-money-making site with SSL. It will cost $5/month or less to host such a WordPress site on a VPS. If you manage the HTTPS site with Varnish for a couple of months, you'll gain some confidence.
If Varnish ever starts to throw errors on your production server, you have to quickly change the ports and settings files and gracefully restart Apache. That will revert the system. The Apache modules are very stable even when configured by a novice. You can always hire an expert to configure your server, but even then you have to know how to quickly revert to the last working state with Apache alone.
The Initial Steps Before Setup of Varnish Cache
For this guide, your website should be correctly configured and working with a LAMP stack and an SSL/TLS certificate. We have tried to gracefully restart Apache wherever possible, so on a production site the front end will face minimal downtime.
---
Load all the necessary Apache modules:
```bash
a2enmod rewrite
a2enmod headers
a2enmod ssl
a2enmod proxy
a2enmod proxy_balancer
a2enmod proxy_http
# configtest and graceful restart
apachectl configtest
sudo /etc/init.d/apache2 reload
# service apache2 restart
```
We will create two VirtualHost files for this configuration. Go to /etc/apache2/sites-available/ and create the first new configuration, which we will call ext-https (it is external):
```bash
cd /etc/apache2/sites-available/
nano ext-https.conf
```
The content of this file will be like this. You can add more directives for SSL/TLS:
```apache
<VirtualHost *:443>
    ServerName example.com
    ErrorLog /var/log/apache2/ext-https_error.log
    CustomLog /var/log/apache2/ext-https_access.log combined

    # Without SSLEngine on, this vhost would serve plain HTTP on port 443
    SSLEngine on
    SSLCertificateFile /etc/ssl/example.com.crt
    SSLCertificateKeyFile /etc/ssl/example.com.key

    # for wordpress: overwrite any client-supplied value with the real scheme
    RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
    ProxyPreserveHost On
    # Varnish is started with -a :80 later in this guide, so proxy to port 80
    ProxyPass / http://127.0.0.1:80/
    ProxyPassReverse / http://127.0.0.1:80/
</VirtualHost>
```
The above configuration is the main one: it faces the visitors and sets the forwarded-protocol header. Next, we will create the second new configuration, which we will call int-https (it is internal):
```bash
cd /etc/apache2/sites-available/
nano int-https.conf
```
The content of this file will be like this:
```apache
<VirtualHost 127.0.0.1:8181>
    ServerName example.com
    DocumentRoot /var/www/example
    ErrorLog /var/log/apache2/int-http_error.log
    CustomLog /var/log/apache2/int-http_access.log combined
    # for wordpress
    SetEnvIf X-Forwarded-Proto https HTTPS=on
</VirtualHost>
```
Next, we will edit /etc/apache2/ports.conf so that the internal VirtualHost file can listen on localhost on port 8181:
```bash
nano /etc/apache2/ports.conf
```
Find and change the Listen directive:
```apache
Listen 127.0.0.1:8181
```
At this point, Apache2 is working with the old configuration and the site is running fine.
Steps to Setup Varnish Cache
Install Varnish from the Ubuntu repo:
```bash
apt-get update
apt-get upgrade
apt-get install varnish apache2
```
Open /lib/systemd/system/varnish.service:
```bash
nano /lib/systemd/system/varnish.service
```
Find this line:
```
ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
```
Change to:
```
ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
```
We have changed the listening port from 6081 to 80.
Open /etc/varnish/default.vcl:
```bash
nano /etc/varnish/default.vcl
```
Find this:
```
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}
```
Change to:
```
backend default {
    .host = "127.0.0.1";
    .port = "8181";
}
```
Everything is done. Now activate the new sites and restart everything:
Warning: Please disable any other virtual host configuration that is using port 80 or port 443 with the a2dissite command before running these commands.
```bash
# site names match the files created above: ext-https.conf and int-https.conf
a2ensite ext-https
a2ensite int-https
```
And finally:
```bash
systemctl daemon-reload
systemctl restart varnish
apachectl configtest
# if throws no error
sudo /etc/init.d/apache2 reload
```
The front end should be working fine with Varnish. You can check the logs:
```bash
varnishlog
cd /var/log/apache2
tail -f ext-https_access.log -f int-http_access.log
```
We can use the curl -v https://example.com command to check the headers.
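Besides the logs and headers, it is worth confirming that the internal Apache backend (8181) and the Varnish management port (6082) are reachable only from localhost, while 80 and 443 are actually listening. The script below is an added example, not part of the original guide; the function names are hypothetical and it assumes the `ss` tool from iproute2 with its `-H` (no header) option.

```shell
#!/bin/sh
# Added example (not from the original guide). Reads `ss -ltnH` output on
# stdin and checks the port layout this guide sets up:
#   80, 443 -> must be listening (Varnish and the external Apache vhost)
#   8181    -> Apache backend, must be bound to loopback only
#   6082    -> Varnish management port, must be bound to loopback only
# Prints one line per finding and returns non-zero if any check fails.
audit_listeners() {
    awk '
    {
        local_addr = $4                      # e.g. 127.0.0.1:8181 or [::]:80
        n = split(local_addr, parts, ":")
        port = parts[n]
        addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        seen[port] = 1
        if ((port == "8181" || port == "6082") &&
            addr != "127.0.0.1" && addr != "[::1]") {
            printf "FAIL port %s is bound to %s, expected loopback only\n", port, addr
            bad = 1
        }
    }
    END {
        m = split("80 443 8181", required, " ")
        for (i = 1; i <= m; i++) {
            if (!(required[i] in seen)) {
                printf "FAIL nothing is listening on port %s\n", required[i]
                bad = 1
            }
        }
        if (!bad) print "OK listener layout matches the guide"
        exit bad + 0
    }'
}

# Constructed sample of `ss -ltnH` output for a correctly configured host.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      511        127.0.0.1:8181      0.0.0.0:*
LISTEN 0      10         127.0.0.1:6082      0.0.0.0:*
LISTEN 0      1024         0.0.0.0:80        0.0.0.0:*
LISTEN 0      1024            [::]:80           [::]:*
LISTEN 0      511                *:443             *:*
EOF
}

sample_ss_output | audit_listeners
# On a live server: ss -ltnH | audit_listeners
```

A FAIL line for port 8181 usually means ports.conf still carries a bare `Listen 8181` instead of `Listen 127.0.0.1:8181`, which would let clients bypass both TLS and the cache.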