Install Varnish 5.1 6 on Ubuntu 16.04 sound´s like easy. WTF? Not realy

Here is my configuration of Varnish with Nginx ssl on Ubuntu 16.04/18.04
With my configuration you don´t need adjust varnish port config. Feel free to adjust your Varnish config, increase your memory pool etc.

Update april 2018

*Please install directly Varnish 6 and no older Version *

Update July 2018

Notice for Ubuntu 18.04 it gives no deb package at the moment

you must use the xenial packages, see github comment

https://github.com/varnishcache/pkg-varnish-cache/issues/100

Update October 2018

DEB package for Ubuntu 18.04 are available

 

 

---

Install Varnish

First install Varnish  4.1 or 5.1 6

You can use Ubuntu repository

apt-get install varnish

Now you have Varnish 4.1 on the System

Or use these instructions to install Version 6

https://varnish-cache.org/releases/install_debian.html

So you will get Varnish 5.1 6

start and enable Varnish as service

sudo systemctl start varnish.service

sudo systemctl enable varnish.service

 

---

Trouble with systemd and varnish

Description from Varnish to config Varnish with systemd

https://docs.varnish-software.com/tutorials/configuring-systemd-services/

Look at here when you in trouble with systemd and Varnish or below, its easy to solve.

THX to Mattia for this great blog post or the new solution from varnish below. Varnish solution testet with version 6.

http://deshack.net/how-to-varnish-listen-port-80-systemd/ (Link is no longer valid)

This Snippet is from Mattia´s blog post
The real problem

The official tutorial is a little bit outdated. Or, better, doesn’t take into account the testing version of Debian, which uses systemd instead of init.d as init system. And this makes a huge difference, explained in a bug report. Basically, /etc/default/varnish is only read by the /etc/init.d/varnish script, not by the systemd init script (/lib/systemd/system/varnish.service).

Now that we know this little detail not reported in the documentation, it’s easy for us to solve the problem.

The easy solution

All we have to do is override the systemd init script of varnish and change something.

# cp /lib/systemd/system/varnish.service /etc/systemd/system/
# nano /etc/systemd/system/varnish.service

We come up with something like this:

[Unit]
Description=Varnish HTTP accelerator

[Service]
Type=forking
LimitNOFILE=131072
LimitMEMLOCK=82000
ExecStartPre=/usr/sbin/varnishd -C -f /etc/varnish/default.vcl
ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
ExecReload=/usr/share/varnish/reload-vcl

[Install]
WantedBy=multi-user.target

Which is similar to what we saw before. We already now that we have to change the port passed as a value to the -a flag:

ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m

Why don’t just let this script read the /etc/default/varnish file? Because we don’t know, for now, what systemd or other init systems are going to do with default files. They could ignore them in the future, for example. Therefore, the safest solution for us is writing the full command in the script itself.

Problems: reloading Varnish

After discovering what explained above, we could consider the varnish default file completely unuseful. That’s not right. In any moment we could want to reload the Varnish configuration, this way:

# systemctl reload varnish.service

And here come other problems. That command runs the /usr/share/varnish/reload-vcl script, which reads the /etc/default/varnish file. This implies that we have to update both /etc/systemd/system/varnish.service and /etc/default/varnish in order to make Varnish work properly.

---

Solution from Varnish

Customize Varnish default config

https://varnish-cache.org/docs/trunk/tutorial/putting_varnish_on_port_80.html

/etc/systemd/system/varnish.service.d/customexec.conf

cd /etc/systemd/system/

mkdir varnish.service.d

vim customexec.conf

[Service]
ExecStart=
ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s default,1g

run systemctl daemon-reload and systemctl restart varnish

don´t edit your /etc/default/varnish changes there will not be affected to your varnish config. Edit your systemd conf file /etc/systemd/system/varnish.service.d/customexec.conf

---

Adjust some Varnish conf files.

/etc/varnish/default.vcl

adjust the port on the default.vcl or more when you need it. With Varnish 6 is default 8080.

Change it to 8080

#
# This is an example VCL file for Varnish.
#
# It does not do anything by default, delegating control to the
# builtin VCL. The builtin VCL is called when there is no explicit
# return statement.
#
# See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/
# and https://www.varnish-cache.org/trac/wiki/VCLExamples for more examples.

# Marker to tell the VCL compiler that this VCL has been adapted to the
# new 4.0 format.
vcl 4.0;

# Default backend definition. Set this to point to your content server.
backend default {
.host = "127.0.0.1";
.port = "8080";
}

sub vcl_recv {
# Happens before we check if we have this in cache already.
#
# Typically you clean up the request here, removing cookies you don't need,
# rewriting the request, etc.
}

sub vcl_backend_response {
# Happens after we have read the response headers from the backend.
#
# Here you clean the response headers, removing silly Set-Cookie headers
# and other mistakes your backend does.
}

sub vcl_deliver {
# Happens when we have all the pieces we need, and are about to send the
# response to the client.
#
# You can do accounting or modifying the final object here.
}

look with properties Varnish is running

ps aux | grep varn
varnish 18342 0.0 5.3 118936 84584 ? SLs 08:53 0:00 /usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
vcache 18350 0.0 5.5 339568 87252 ? Sl 08:53 0:01 /usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
root 31137 0.0 0.0 11228 876 pts/6 S+ 09:47 0:00 grep –color=auto varn
root 31600 0.1 0.2 181600 3560 pts/4 Sl+ 09:09 0:04 varnishhist

Varnish is running you can test it with

your ip:6081

You will see a screen with a backend error, lets fix us this.

---

Install a webserver

Now we need the nginx web server or apache

apt-get install nginx

We need 3 config files

The first config file are redirect from port 80 to 443 and add www to your domain.

vim /etc/nginx/sites-available/redirect

server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}

We need our main config file that will be run our website. I will serve a static html page for the moment.

vim /etc/nginx/sites-available/roundtrip

server {
listen 8080 default_server;
root /var/www/html;

server_name _;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}

}

The last config file our ssl termination with nginx. I´m using let´s encrypt certs. You can use self signed cert´s or buy something.

vim /etc/nginx/sites-available/ssl

server {
listen 443 http2 ssl;

server_name www.exmaple.com exmaple.com;
ssl_certificate /etc/letsencrypt/live/www.exmaple.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.exmaple.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:6081;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}

}

lets activate our new nginx config

cd /etc/nginx/sites-enabled/

ln -s /etc/nginx/sites-available/redirect redirect
ln -s /etc/nginx/sites-available/roundtrip roundtrip
ln -s /etc/nginx/sites-available/ssl ssl

check the config

nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

service nginx restart

That´s it!