Caching with Varnish

Varnish is an HTTP accelerator designed for content-heavy dynamic web sites. In contrast to other web accelerators, such as Squid, which began life as a client-side cache, or Apache and nginx, which are primarily origin servers, Varnish was designed as an HTTP accelerator. Varnish is focused exclusively on HTTP, unlike other proxy servers that often support FTP, SMTP and other network protocols.

Here , I will explain how to get varnish in front of apache2 or accelerate apache2 with varnish .

varnish-logo

First do this :

  • sudo -s;curl http://repo.varnish-cache.org/debian/GPG-key.txt | sudo apt-key add -
  • sudo -s;echo "deb http://repo.varnish-cache.org/ubuntu/ precise varnish-3.0" | sudo tee -a /etc/apt/sources.list
  • sudo apt-get update
  • sudo apt-get install varnish

Each line seperately run from terminal . or just (not recommended) :

sudo apt-get install varnish

Now do this :

nano /etc/default/varnish

And search for :

DAEMON OPTS=”-a *:6081

And edit that as :

DAEMON OPTS=”-a *:80

Also edit default.vcl to something else, I took “mysite.vcl” .

To save use ‘ctrl+x’ and then ‘y’ and ‘enter’ .

Now do this :

nano /etc/varnish/mysite.vcl

and put below texts there .

## Redirect requests to Apache, running on port 8000 on localhost
backend apache {
        .host = "127.0.0.1";
        .port = "8000";
}

## Fetch
sub vcl_fetch {

if (req.url ~ "^/js/") {
    # removing cookie
    unset beresp.http.Set-Cookie;
 set beresp.http.cache-control = "max-age = 9999999";
    # Cache for 10 day
    set beresp.ttl = 1w;
    return(deliver);
  }

if (req.url ~ "^/css/") {
    # removing cookie
    unset beresp.http.Set-Cookie;
 set beresp.http.cache-control = "max-age = 9999999";
    # Cache for 10 day
    set beresp.ttl = 1w;
    return(deliver);
 }

if (req.url ~ "^/img/") {
    # removing cookie
    unset beresp.http.Set-Cookie;
 set beresp.http.cache-control = "max-age = 9999999";
    # Cache for 10 day
    set beresp.ttl = 1w;
    return(deliver);
 }

		## Remove the X-Forwarded-For header if it exists.
        remove req.http.X-Forwarded-For;

		## insert the client IP address as X-Forwarded-For. This is the normal IP address of the user.
        set    req.http.X-Forwarded-For = req.http.rlnclientipaddr;
		## Added security, the "w00tw00t" attacks are pretty annoying so lets block it before it reaches our webserver
        if (req.url ~ "^/w00tw00t") {
                error 403 "Not permitted";
        }
		## Deliver the content
        return(deliver);

}

# create ACL
acl fahad {
  "localhost";
  "***.***.***.***";
}

sub vcl_recv {

  if (req.url ~ ".(png|gif|jpg)$") {
       remove req.http.Cookie;  }
#  unset req.http.cookie;  

  # protect admin urls from unauthorized ip's
  if (req.url ~ "^/journal/administrator/") {
    if (client.ip ~ fahad) {
      return(pass);
    } else {
      error 405 "Not allowed in admin area . You Should talk to the admin .";
    }
  }

}

# called after fetch or lookup yields a hit
sub vcl_deliver {

}

#
sub vcl_error {

}

 

You have to edit above file which is red marked . Above YOUR IP is just your ip to not to allow any other to access a particular folder like wordpress /wp-admin/ . And that red marked “fahad” , you can change that to anything but both should be same . If you have no static ip than you should use Below texts :

 

## Redirect requests to Apache, running on port 8000 on localhost
backend apache {
        .host = "127.0.0.1";
        .port = "8000";
}

## Fetch
sub vcl_fetch {

if (req.url ~ "^/js/") {
    # removing cookie
    unset beresp.http.Set-Cookie;
 set beresp.http.cache-control = "max-age = 9999999";
    # Cache for 10 day
    set beresp.ttl = 1w;
    return(deliver);
  }

if (req.url ~ "^/css/") {
    # removing cookie
    unset beresp.http.Set-Cookie;
 set beresp.http.cache-control = "max-age = 9999999";
    # Cache for 10 day
    set beresp.ttl = 1w;
    return(deliver);
 }

if (req.url ~ "^/img/") {
    # removing cookie
    unset beresp.http.Set-Cookie;
 set beresp.http.cache-control = "max-age = 9999999";
    # Cache for 10 day
    set beresp.ttl = 1w;
    return(deliver);
 }

		## Remove the X-Forwarded-For header if it exists.
        remove req.http.X-Forwarded-For;

		## insert the client IP address as X-Forwarded-For. This is the normal IP address of the user.
        set    req.http.X-Forwarded-For = req.http.rlnclientipaddr;
		## Added security, the "w00tw00t" attacks are pretty annoying so lets block it before it reaches our webserver
        if (req.url ~ "^/w00tw00t") {
                error 403 "Not permitted";
        }
		## Deliver the content
        return(deliver);

}

sub vcl_recv {

  if (req.url ~ ".(png|gif|jpg)$") {
       remove req.http.Cookie;  }
#  unset req.http.cookie;

}

# called after fetch or lookup yields a hit
sub vcl_deliver {

}

#
sub vcl_error {

}

 

Save this .

Now do this :

nano /etc/apache2/ports.conf

Change:

NameVirtualHost *:80
Listen 80

To:

NameVirtualHost *:8000
Listen 127.0.0.1:8000

Apache will listen on that port .

You will have to edit your vhosts as well . Do This :

nano /etc/apache2/sites-enabled/000-default

Change:

<Virtualhost *:80>

To:

<Virtualhost *:8000>

You should know i am using here a command line text editor named nano which have a key binding of “ctrl+x” to save a file . Now do this :

service apache2 restart;service varnish restart

Now test varnish , open terminal again and do this :

curl -I your_website_address.TLD

If you see anything written word “Varnish” then your procedure is ok and your varnish cache tool is caching 3 folders elements from your websites css,js and img folder . If you get error please tell me .

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.