Caching with Varnish
Varnish is an HTTP accelerator designed for content-heavy dynamic web sites. In contrast to other web accelerators, such as Squid, which began life as a client-side cache, or Apache and nginx, which are primarily origin servers, Varnish was designed as an HTTP accelerator. Varnish is focused exclusively on HTTP, unlike other proxy servers that often support FTP, SMTP and other network protocols.
Here, I will explain how to put Varnish in front of apache2, that is, how to accelerate apache2 with Varnish.
First do this:
curl http://repo.varnish-cache.org/debian/GPG-key.txt | sudo apt-key add -
echo "deb http://repo.varnish-cache.org/ubuntu/ precise varnish-3.0" | sudo tee -a /etc/apt/sources.list
sudo apt-get update
sudo apt-get install varnish
Run each line separately from a terminal. Or just install the version from your distribution's own repository (not recommended):
sudo apt-get install varnish
Now do this:
sudo nano /etc/default/varnish
And search for:
DAEMON_OPTS="-a *:6081
And edit that to:
DAEMON_OPTS="-a *:80
In the same options, also change default.vcl to the name of your own VCL file; I used “mysite.vcl”.
To save, use ‘ctrl+x’, then ‘y’, then ‘enter’.
Now do this:
sudo nano /etc/varnish/mysite.vcl
and put the text below there.
## Redirect requests to Apache, running on port 8000 on localhost
backend apache {
    .host = "127.0.0.1";
    .port = "8000";
}
# create ACL
acl fahad {
    "localhost";
    "***.***.***.***";
}
sub vcl_recv {
    ## Remove the X-Forwarded-For header if it exists, so a client cannot supply its own.
    ## The built-in vcl_recv, which runs after this sub, then inserts the client IP address.
    remove req.http.X-Forwarded-For;
    ## Added security, the "w00tw00t" attacks are pretty annoying so lets block it before it reaches our webserver.
    ## This has to happen in vcl_recv; in vcl_fetch the request has already been sent to Apache.
    if (req.url ~ "^/w00tw00t") {
        error 403 "Not permitted";
    }
    # images need no cookies (the dot is escaped so it matches a literal ".")
    if (req.url ~ "\.(png|gif|jpg)$") {
        remove req.http.Cookie;
    }
    # protect admin urls from unauthorized ip's
    if (req.url ~ "^/journal/administrator/") {
        if (client.ip ~ fahad) {
            # return(pass) skips the built-in vcl_recv, so insert the client IP here
            set req.http.X-Forwarded-For = client.ip;
            return(pass);
        } else {
            error 405 "Not allowed in admin area. You should talk to the admin.";
        }
    }
}
## Fetch
sub vcl_fetch {
    if (req.url ~ "^/js/") {
        # removing cookie
        unset beresp.http.Set-Cookie;
        set beresp.http.cache-control = "max-age=9999999";
        # Cache for 1 week
        set beresp.ttl = 1w;
        return(deliver);
    }
    if (req.url ~ "^/css/") {
        # removing cookie
        unset beresp.http.Set-Cookie;
        set beresp.http.cache-control = "max-age=9999999";
        # Cache for 1 week
        set beresp.ttl = 1w;
        return(deliver);
    }
    if (req.url ~ "^/img/") {
        # removing cookie
        unset beresp.http.Set-Cookie;
        set beresp.http.cache-control = "max-age=9999999";
        # Cache for 1 week
        set beresp.ttl = 1w;
        return(deliver);
    }
    ## No return(deliver) for everything else: the built-in vcl_fetch runs next and
    ## refuses to cache responses that carry Set-Cookie, so one visitor's session
    ## cookie is never stored and handed to another visitor.
}
# called after fetch or lookup yields a hit
sub vcl_deliver {
}
# called when an error is raised; empty, so the built-in error page is used
sub vcl_error {
}
You have to edit the marked parts of the file above. The “***.***.***.***” entry in the ACL stands for your own IP address; it keeps everyone else from accessing a particular folder, like WordPress's /wp-admin/. The marked name “fahad” can be changed to anything, but it must be the same in both places. If you have no static IP, then you should use the text below instead:
## Redirect requests to Apache, running on port 8000 on localhost
backend apache {
    .host = "127.0.0.1";
    .port = "8000";
}
sub vcl_recv {
    ## Remove the X-Forwarded-For header if it exists, so a client cannot supply its own.
    ## The built-in vcl_recv, which runs after this sub, then inserts the client IP address.
    remove req.http.X-Forwarded-For;
    ## Added security, the "w00tw00t" attacks are pretty annoying so lets block it before it reaches our webserver.
    ## This has to happen in vcl_recv; in vcl_fetch the request has already been sent to Apache.
    if (req.url ~ "^/w00tw00t") {
        error 403 "Not permitted";
    }
    # images need no cookies (the dot is escaped so it matches a literal ".")
    if (req.url ~ "\.(png|gif|jpg)$") {
        remove req.http.Cookie;
    }
}
## Fetch
sub vcl_fetch {
    if (req.url ~ "^/js/") {
        # removing cookie
        unset beresp.http.Set-Cookie;
        set beresp.http.cache-control = "max-age=9999999";
        # Cache for 1 week
        set beresp.ttl = 1w;
        return(deliver);
    }
    if (req.url ~ "^/css/") {
        # removing cookie
        unset beresp.http.Set-Cookie;
        set beresp.http.cache-control = "max-age=9999999";
        # Cache for 1 week
        set beresp.ttl = 1w;
        return(deliver);
    }
    if (req.url ~ "^/img/") {
        # removing cookie
        unset beresp.http.Set-Cookie;
        set beresp.http.cache-control = "max-age=9999999";
        # Cache for 1 week
        set beresp.ttl = 1w;
        return(deliver);
    }
    ## No return(deliver) for everything else: the built-in vcl_fetch runs next and
    ## refuses to cache responses that carry Set-Cookie, so one visitor's session
    ## cookie is never stored and handed to another visitor.
}
# called after fetch or lookup yields a hit
sub vcl_deliver {
}
# called when an error is raised; empty, so the built-in error page is used
sub vcl_error {
}
Save this.
Now do this:
sudo nano /etc/apache2/ports.conf
Change:
NameVirtualHost *:80
Listen 80
To:
NameVirtualHost *:8000
Listen 127.0.0.1:8000
Apache will now listen on that port, on localhost only, so it can be reached only through Varnish.
You will have to edit your vhosts as well. Do this:
sudo nano /etc/apache2/sites-enabled/000-default
Change:
<Virtualhost *:80>
To:
<Virtualhost *:8000>
Note that I am using a command-line text editor named nano here, which has the key binding “ctrl+x” to save a file. Now do this:
sudo service apache2 restart; sudo service varnish restart
Now test Varnish. Open a terminal again and do this:
curl -I your_website_address.TLD
If you see the word “Varnish” anywhere in the output, the procedure worked and Varnish is caching the contents of three folders of your website: css, js and img. If you get an error, please tell me.
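A sharper version of the curl test above, as an added example that is not part of the original post: the first function reads the headers printed by curl -I and says whether the response was a cache miss, a cache hit, or a cache hit that still carries Set-Cookie, and the second checks that Apache's port 8000 is bound to loopback only, so the admin ACL in the VCL cannot be bypassed. The function names and sample responses are constructed for illustration; the hit test relies on Varnish 3 writing two transaction IDs into X-Varnish on a hit and one on a miss.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# classify_headers: read response headers (e.g. from `curl -sI URL`) on stdin
# and print one verdict:
#   no-varnish  no X-Varnish header: the response did not pass through Varnish
#   miss        passed through Varnish, fetched from Apache
#   hit         served from the cache
#   hit-cookie  served from the cache AND carries Set-Cookie, so every visitor
#               is handed the same cookie; the VCL must not allow this
classify_headers() {
    awk '
        { sub(/\r$/, "") }                        # HTTP header lines end in CRLF
        tolower($1) == "x-varnish:"  { seen = 1; ids = NF - 1 }
        tolower($1) == "set-cookie:" { cookie = 1 }
        END {
            if (!seen)        print "no-varnish"
            else if (ids < 2) print "miss"
            else if (cookie)  print "hit-cookie"
            else              print "hit"
        }'
}

# backend_exposed: read `ss -ltn` (or `netstat -ltn`) output on stdin; succeed
# if port 8000 listens on anything other than loopback, which would let
# clients reach Apache directly and skip the admin ACL in the VCL.
backend_exposed() {
    awk '$4 ~ /:8000$/ && $4 !~ /^(127\.|\[::1\]:|::1:)/ { bad = 1 }
         END { exit !bad }'
}

# Constructed sample responses (not captured from a real server).
sample_apache() { printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n'; }
sample_miss() { printf 'HTTP/1.1 200 OK\r\nVia: 1.1 varnish\r\nX-Varnish: 1804289383\r\nAge: 0\r\n\r\n'; }
sample_hit() { printf 'HTTP/1.1 200 OK\r\nX-Varnish: 1804289391 1804289383\r\nAge: 42\r\n\r\n'; }
sample_leak() { printf 'HTTP/1.1 200 OK\r\nSet-Cookie: sid=constructed\r\nX-Varnish: 1804289395 1804289383\r\n\r\n'; }

for s in sample_apache sample_miss sample_hit sample_leak; do
    printf '%s: %s\n' "$s" "$("$s" | classify_headers)"
done
```

On the server, pipe real data in: run curl -sI your_website_address.TLD/css/ twice through classify_headers (the second request should report hit), and feed ss -ltn to backend_exposed, which should fail when Listen 127.0.0.1:8000 is in effect.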