Install Varnish 5.1 6 on Ubuntu 16.04 sounds easy. WTF? Not really
Here is my configuration of Varnish with Nginx SSL on Ubuntu 16.04/18.04
With my configuration you don't need to adjust the Varnish port config. Feel free to adjust your Varnish config, increase your memory pool, etc.
Update April 2018
*Please install Varnish 6 directly, not an older version.*
Update July 2018
Note: for Ubuntu 18.04 there is no deb package at the moment;
you must use the xenial packages, see the GitHub comment
https://github.com/varnishcache/pkg-varnish-cache/issues/100
Update October 2018
DEB packages for Ubuntu 18.04 are available
Install Varnish
First install Varnish 4.1 or 5.1 6
You can use the Ubuntu repository
apt-get install varnish
Now you have Varnish 4.1 on the system
Or use these instructions to install Version 6
https://varnish-cache.org/releases/install_debian.html
So you will get Varnish 5.1 6
Start and enable Varnish as a service
sudo systemctl start varnish.service
sudo systemctl enable varnish.service
Trouble with systemd and varnish
Varnish's own description of how to configure Varnish with systemd
https://docs.varnish-software.com/tutorials/configuring-systemd-services/
Look here, or below, when you are in trouble with systemd and Varnish; it's easy to solve.
Thanks to Mattia for this great blog post; or use the new solution from Varnish below. The Varnish solution was tested with version 6.
http://deshack.net/how-to-varnish-listen-port-80-systemd/ (Link is no longer valid)
This snippet is from Mattia's blog post
The real problem
The official tutorial is a little bit outdated. Or, better, doesn’t take into account the testing version of Debian, which uses systemd instead of init.d as init system. And this makes a huge difference, explained in a bug report. Basically, /etc/default/varnish is only read by the /etc/init.d/varnish script, not by the systemd init script (/lib/systemd/system/varnish.service).
Now that we know this little detail not reported in the documentation, it’s easy for us to solve the problem.
The easy solution
All we have to do is override the systemd init script of varnish and change something.
# cp /lib/systemd/system/varnish.service /etc/systemd/system/
# nano /etc/systemd/system/varnish.service

We come up with something like this:

[Unit]
Description=Varnish HTTP accelerator

[Service]
Type=forking
LimitNOFILE=131072
LimitMEMLOCK=82000
ExecStartPre=/usr/sbin/varnishd -C -f /etc/varnish/default.vcl
ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
ExecReload=/usr/share/varnish/reload-vcl

[Install]
WantedBy=multi-user.target

Which is similar to what we saw before. We already know that we have to change the port passed as a value to the -a flag:

ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m

Why don’t just let this script read the /etc/default/varnish file? Because we don’t know, for now, what systemd or other init systems are going to do with default files. They could ignore them in the future, for example. Therefore, the safest solution for us is writing the full command in the script itself.
Problems: reloading Varnish
After discovering what is explained above, we could consider the varnish default file completely unuseful. That’s not right. In any moment we could want to reload the Varnish configuration, this way:

# systemctl reload varnish.service

And here come other problems. That command runs the /usr/share/varnish/reload-vcl script, which reads the /etc/default/varnish file. This implies that we have to update both /etc/systemd/system/varnish.service and /etc/default/varnish in order to make Varnish work properly.
Solution from Varnish
Customize Varnish default config
https://varnish-cache.org/docs/trunk/tutorial/putting_varnish_on_port_80.html
Create the drop-in file /etc/systemd/system/varnish.service.d/customexec.conf:

cd /etc/systemd/system/
mkdir varnish.service.d
vim varnish.service.d/customexec.conf

[Service]
ExecStart=
ExecStart=/usr/sbin/varnishd -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s default,1g

Then run
systemctl daemon-reload
and
systemctl restart varnish
Don't edit /etc/default/varnish; changes there will not affect your Varnish config. Edit your systemd conf file /etc/systemd/system/varnish.service.d/customexec.conf instead.
Adjust some Varnish conf files.
/etc/varnish/default.vcl
Adjust the backend port in default.vcl, and more if you need it. With Varnish 6 the default is 8080.
Change it to 8080

#
# This is an example VCL file for Varnish.
#
# It does not do anything by default, delegating control to the
# builtin VCL. The builtin VCL is called when there is no explicit
# return statement.
#
# See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/
# and https://www.varnish-cache.org/trac/wiki/VCLExamples for more examples.

# Marker to tell the VCL compiler that this VCL has been adapted to the
# new 4.0 format.
vcl 4.0;

# Default backend definition. Set this to point to your content server.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # Happens before we check if we have this in cache already.
    #
    # Typically you clean up the request here, removing cookies you don't need,
    # rewriting the request, etc.
}

sub vcl_backend_response {
    # Happens after we have read the response headers from the backend.
    #
    # Here you clean the response headers, removing silly Set-Cookie headers
    # and other mistakes your backend does.
}

sub vcl_deliver {
    # Happens when we have all the pieces we need, and are about to send the
    # response to the client.
    #
    # You can do accounting or modifying the final object here.
}
Check which parameters Varnish is running with
ps aux | grep varn
varnish 18342 0.0 5.3 118936 84584 ? SLs 08:53 0:00 /usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
vcache 18350 0.0 5.5 339568 87252 ? Sl 08:53 0:01 /usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
root 31137 0.0 0.0 11228 876 pts/6 S+ 09:47 0:00 grep --color=auto varn
root 31600 0.1 0.2 181600 3560 pts/4 Sl+ 09:09 0:04 varnishhist
Varnish is running; you can test it with
your ip:6081
You will see a page with a backend error. Let's fix this.
Install a webserver
Now we need a web server, nginx or Apache
apt-get install nginx
We need 3 config files
The first config file redirects from port 80 to 443 and adds www to your domain.
vim /etc/nginx/sites-available/redirect

server {
    listen 80;
    server_name example.com;
    return 301 https://www.example.com$request_uri;
}
Next we need the main config file that will run our website. I will serve a static HTML page for the moment.
vim /etc/nginx/sites-available/roundtrip

server {
    listen 8080 default_server;
    root /var/www/html;
    server_name _;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
}
The last config file is our SSL termination with nginx. I'm using Let's Encrypt certs. You can use self-signed certs or buy one.
vim /etc/nginx/sites-available/ssl

server {
    listen 443 http2 ssl;
    server_name www.example.com example.com;

    ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;

    location / {
        # Hand the decrypted request to Varnish on the loopback interface.
        proxy_pass http://127.0.0.1:6081;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Host $host;
    }
}
Let's activate our new nginx config

cd /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/redirect redirect
ln -s /etc/nginx/sites-available/roundtrip roundtrip
ln -s /etc/nginx/sites-available/ssl ssl

Check the config

nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

service nginx restart
That's it!
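A check on the finished setup, added here as an example and not part of the original post: with `-a :6081` and `listen 8080` as written above, Varnish and the nginx backend answer plain HTTP on every interface, so this filter over `ss -ltn` output flags internal ports that are not bound to loopback. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Ports this article's layout keeps
# behind nginx's TLS listener (taken from the configs above):
#   6081 Varnish HTTP, 6082 Varnish admin CLI, 8080 nginx backend.
INTERNAL_PORTS="6081 6082 8080"

# Reads `ss -ltn` output on stdin (assumed columns: State Recv-Q Send-Q
# Local-Address:Port Peer-Address:Port) and prints "address port" for every
# internal port that listens on something other than loopback.
exposed_internal() {
    awk -v ports="$INTERNAL_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) internal[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in internal)) next
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print addr, port
        }'
}

# Constructed sample: the listeners as the configs above create them
# (-a :6081 and "listen 8080" bind every interface).
sample_ss() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:80          0.0.0.0:*
LISTEN  0       128     0.0.0.0:443         0.0.0.0:*
LISTEN  0       128     0.0.0.0:6081        0.0.0.0:*
LISTEN  0       128     [::]:6081           [::]:*
LISTEN  0       10      127.0.0.1:6082      0.0.0.0:*
LISTEN  0       128     0.0.0.0:8080        0.0.0.0:*
EOF
}

# Demo on the sample; on a real host run: ss -ltn | exposed_internal
sample_ss | exposed_internal
```

An empty result needs `-a 127.0.0.1:6081` in the varnishd ExecStart line and `listen 127.0.0.1:8080` in the roundtrip server block, or a firewall rule with the same effect. Until then clients can reach the cache and the backend directly over unencrypted HTTP instead of going through the port 443 listener.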
only works on port 6081, connection refused on port 80
Why would you run Varnish on port 80? It makes no sense to run Varnish on port 80. You should secure your application with SSL
@konkretor I’m all about making sense but by doing this I have shaved 300+ms on page load, every little bit helps. The article above unfortunately no longer works because of a directory change and remapping required. I did end up figuring this out myself; every tutorial was incorrect and outdated, so I created a fresh working tut for 2018 including video. You can find it here. If the author would also like to use my work with canonical then please do. After all, it's about helping the community! https://www.seodevs.com/seo/page-speed-tutorials/page-speed-tutorial-varnish-https-2018/
Hi maltonge,
I have updated my little guide and fixed some errors in this config.
Freshly tested with Ubuntu 16.04 and Varnish 6
Hi maltonge,
I will check my how-to for Varnish and nginx in the next few days.
Nice how-to on your site!
Hello, please, is possible I use LAMP + NGINX + Varnish SSL with this tutorial? I tried but I can’t make this, is possible or ir other method? ( I installed LAMP first, so I tried install Varnish 6 and latter config NGINX, but I don’t know if work )
Hi Breno,
you still need apache? You can run a lemp stack, please look here https://www.linode.com/docs/web-servers/lemp/
I think it's time to make a how-to for Apache with Varnish and SSL. I need a few days for this
Hi Breno,
just look here. Varnish with Apache https://konkretor.com/2018/10/05/apache-varnish-ssl/
Dear, sorry please, I understand this:
Nginx ( LEMP ) —> Varnish —> Client
|
————————- Nginx SSL (connected with varnish) —> Client
Right??
I have store working with wordpress ( LEMP ), I need install other Nginx to configure SSL?? I don’t understand… is required Two Nginx? 1 with lemp, wordpress… and other just to SSL? Can you help me?
Thank you very much!!!
Hi Breno,
you must only modify your current (LEMP) stack.
Please look here https://www.linode.com/docs/websites/varnish/use-varnish-and-nginx-to-serve-wordpress-over-ssl-and-http-on-debian-8/
Hey! I simply would like to give an enormous thumbs up for the great information you have got here on this post. I will be coming back to your weblog for extra soon.