Apache Varnish ssl

You want to use Apache with Varnish and SSL. Let's start.


First install Varnish 6

See the following page for installing Varnish on Ubuntu/Debian:

https://packagecloud.io/varnishcache/varnish41/install#manual-deb

Replace trusty with bionic:

root@remote:~# cat /etc/apt/sources.list.d/varnishcache_varnish60.list
deb https://packagecloud.io/varnishcache/varnish60/ubuntu/ bionic main
deb-src https://packagecloud.io/varnishcache/varnish60/ubuntu/ bionic main

 

Install Varnish 6

apt-get install varnish


 

 

Start and enable Varnish as a service

sudo systemctl start varnish.service

sudo systemctl enable varnish.service

Attention: see here for more information about Varnish and systemd

https://docs.varnish-software.com/tutorials/configuring-systemd-services/

Next, we configure Varnish

 

systemctl edit varnish.service

 

Insert the following; feel free to adjust the memory settings

[Service]
ExecStart=
ExecStart=/usr/sbin/varnishd -a :6081 -f /etc/varnish/default.vcl -s malloc,256m -p first_byte_timeout=600

We create a full replacement of varnish.service

systemctl edit --full varnish.service

Make your changes and save the file. After saving, we reload the systemd config

systemctl daemon-reload

 

You can also adjust /etc/varnish/default.vcl for browser caching or anything else
https://konkretor.com/2017/05/29/leverage-browser-caching-with-varnish/

 

That's it for installing and adjusting Varnish

Install Apache with SSL

apt-get install apache2

 

We create a redirect from http to https

vim /etc/apache2/sites-available/redirect.conf

 

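# Bind the redirect to port 80 only. A vhost address without a port
# matches every port and would also catch requests on 443 and 8080.
<VirtualHost *:80>
ServerName vhost.example.com
DocumentRoot /var/www/html
# Without mod_rewrite this block is skipped silently and nothing redirects
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
</VirtualHost>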

 

We create a new vhost file named roundtrip.conf; it serves the static site on port 8080

vim /etc/apache2/sites-available/roundtrip.conf

 

<VirtualHost *:8080>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

 

We create a new vhost file for ssl

vim /etc/apache2/sites-available/ssl.conf

 

<VirtualHost *:443>
DocumentRoot /var/www/
SSLEngine on
SSLCertificateKeyFile /etc/ssl/private/sslcert.key
SSLCertificateFile /etc/ssl/private/sslcert.crt
# SSLCertificateChainFile /eDigiCertCA.crt
</VirtualHost>

 

We delete the default site; we don't need it

rm /etc/apache2/sites-enabled/000-default.conf

 

We enable the Apache config

a2ensite redirect.conf
a2ensite ssl.conf
a2ensite roundtrip.conf

We enable port 8080

vim /etc/apache2/ports.conf

Add

Listen 8080

Enable the modules that we need (ssl for SSLEngine in ssl.conf, rewrite for the rules in redirect.conf)

a2enmod ssl
a2enmod rewrite
a2enmod proxy
a2enmod proxy_http
a2enmod headers

Check your Apache Config

apachectl configtest

Restart your Apache

systemctl restart apache2

 

That's it!
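
The ssl.conf shown above terminates TLS but contains no directive that hands requests to Varnish. The following is an added example, not part of the original post, of an ssl.conf that proxies to Varnish on port 6081 (the port from the ExecStart line) and a loopback-only Listen for the backend. Assumptions: the ServerName is taken from redirect.conf, the loopback binding is an addition, and default.vcl still points its backend at 127.0.0.1:8080.

```apache
# /etc/apache2/sites-available/ssl.conf (added example, not from the original post)
<VirtualHost *:443>
    # Assumed name, taken from redirect.conf
    ServerName vhost.example.com

    SSLEngine on
    SSLCertificateKeyFile /etc/ssl/private/sslcert.key
    SSLCertificateFile /etc/ssl/private/sslcert.crt

    # Reverse proxy only: never let Apache act as an open forward proxy
    ProxyRequests Off
    # Pass the client's Host header through so Varnish hashes on the real hostname
    ProxyPreserveHost On
    # Tell the backend that the original request was HTTPS (needs mod_headers);
    # "set" overwrites any value the client sent
    RequestHeader set X-Forwarded-Proto "https"

    # Hand every request to Varnish, which fetches from Apache on port 8080
    ProxyPass        / http://127.0.0.1:6081/
    ProxyPassReverse / http://127.0.0.1:6081/
</VirtualHost>

# /etc/apache2/ports.conf
# Weak: "Listen 8080" exposes the plain-HTTP backend on every interface,
# so clients can reach the site without TLS and without the cache.
# Corrected: bind the backend to loopback so only Varnish can reach it.
Listen 127.0.0.1:8080
```

Varnish can be restricted the same way by using -a 127.0.0.1:6081 instead of -a :6081 in the ExecStart line.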

Let’s Encrypt Wildcard certificate how to

See the original post here:

 

https://community.letsencrypt.org/t/getting-wildcard-certificates-with-certbot/56285

Requirement: access to the DNS records of the domain

 

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

./certbot-auto certonly --manual -d '*.domain.example' -d example.domain --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

You will be prompted to add two TXT records to your DNS server, so make sure you are able to do this.

 

That's all.