How To: Varnish Cache 4.0 on Ubuntu 14.04 with SSL Termination on

In this “How To” we explain how to configure Varnish Cache 4.0 on your Ubuntu server with SSL. Varnish Cache is used to improve the speed and performance of your web server. If you’re not using it yet, we strongly recommend that you do. We will also cover how to add HTTPS support to Varnish. If you are using HTTPS, you need a bit more configuration than users not running HTTPS, but don’t worry, we will cover that step by step.

In this tutorial, we are using a generic LAMP (Linux, Apache, MySQL, PHP) server hosted at CloudWays.com (DigitalOcean).

Varnish Cache is an HTTP accelerator, or to use the more correct term, an HTTP reverse proxy, which reduces the time it takes to load content for a visitor. Put simply, it caches the content in memory rather than pulling it from the web server each time it is requested. Speed and performance usually improve a lot, and you should notice a significant change in speed as well as in server load.

Out of the box, Varnish works fine for most people, but some applications may need additional tweaking, which we may cover in an upcoming tutorial.

Prerequisites

For Varnish to work, you need a web application server that is listening on HTTP (port 80) and has a private IP address. As mentioned earlier, in this guide we are using a DigitalOcean server hosted at CloudWays.com.

Our Mission

So, our mission with this tutorial is to get Varnish running and serving your users cached content, and to finish by adding HTTPS support (if your site is on HTTPS).

Download Varnish

We recommend that you download Varnish from the official repository.

Ubuntu 14.04 comes with apt-transport-https out of the box, but to be sure you can run:

sudo apt-get install apt-transport-https

 

Now add the Varnish GPG key to apt, which uses it to verify the packages from the repository:

curl https://repo.varnish-cache.org/ubuntu/GPG-key.txt | sudo apt-key add -

 

Once that is done, add the Varnish 4.0 repository to the list of apt sources:

sudo sh -c 'echo "deb https://repo.varnish-cache.org/ubuntu/ trusty varnish-4.0" >> /etc/apt/sources.list.d/varnish-cache.list'

Finally, update the apt package index and install Varnish:

sudo apt-get update
sudo apt-get install varnish

 

By default, Varnish listens on port 6081 and assumes that your web server is on the same machine, listening on port 8080. Once the installation is finished, you can open a browser and check whether it loads on port 6081 (replace 101.101.101.101 with your IP or domain):

http://101.101.101.101:6081

 

Because we have only just installed Varnish, it will return a 503 backend error page.

This shows that Varnish is installed and running, but it can’t reach the web server it should be caching. Let’s continue and set that up.

The Varnish Cache Configuration

First, we must set up Varnish to use our server as a backend by editing the configuration file, which you can find at /etc/varnish/default.vcl. To edit it:

sudo vi /etc/varnish/default.vcl

Now find the backend definition:

backend default {
    .host = "127.0.0.1";
    .port = "80";
}

 

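Here you need to change the host and port to the ones your web server uses. We are using port 80, which is the most common one. If the web server runs on the same machine as Varnish, it must listen on a different address or port than the one Varnish is given later in this guide, because two services cannot bind the same address and port.

Varnish has a feature named “grace mode”, which allows it to serve a cached copy of the requested page if the backend web server goes down. If you want, you can enable it.

First, find the sub vcl_backend_response block and add: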

sub vcl_backend_response {
    set beresp.ttl = 10s;
    set beresp.grace = 1h;
}

 

This sets the grace period to 1 hour, which means Varnish will continue to serve cached pages to your users while you work on getting your web server back online.

Now save and exit the configuration file.

 

The next step is to make Varnish listen on the default HTTP port 80, so visitors can reach your website without adding a port to the URL. Let’s open up /etc/default/varnish and edit it:

sudo vi /etc/default/varnish

A lot of the lines here are commented out. Find the DAEMON_OPTS line:

DAEMON_OPTS="-a :6081 \

The -a option sets the address and port on which Varnish listens for requests. Let’s update that to the default HTTP port 80.

DAEMON_OPTS="-a :80 \

Now save and exit.

To make the changes live we must restart Varnish. You can easily do this by running:

sudo service varnish restart

Okay, all done. Let’s visit the server’s IP and see if it works. Open a browser and enter your server IP:

http://101.101.101.101

It should load your application page.

Awesome! You just finished setting up Varnish Cache on Ubuntu in front of an HTTP server. Hopefully, you will see an improvement in web performance and speed. If you are setting up Varnish for HTTPS, let’s continue.

 

SSL / HTTPS Configuration With Nginx

Varnish does not handle HTTPS natively, so if you are using HTTPS you need something in front of it to terminate SSL. First, we need to install Nginx and configure it with a self-signed SSL certificate.

Let’s install Nginx by running the following APT command:

sudo apt-get install nginx

After installation, Nginx will not start, because its default port (80) is already used by Varnish. That’s no problem, as we want Nginx to listen for HTTPS on port 443.

First, we need to generate a self-signed SSL certificate. Start by making a directory for it:

sudo mkdir /etc/nginx/ssl

Then generate the self-signed certificate with a 2048-bit RSA key (the -nodes option leaves the private key unencrypted on disk):

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

Here you will need to set the common name to match your domain name. Once that is done, the certificate is in place and we need to configure Nginx to use it.

Open up the default Nginx configuration file:

sudo vi /etc/nginx/sites-enabled/default

If there is data in the file, delete all of it and replace it with the following code (make sure to replace example.com with your own domain):

server {
        listen 443 ssl;

        server_name example.com;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        location / {
            proxy_pass http://127.0.0.1:80;
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Port 443;
            proxy_set_header Host $host;
        }
}

 

Now save and exit.

  • ssl_certificate: The location of the SSL certificate.
  • ssl_certificate_key: The location of the SSL key.
  • listen 443 ssl: Tells Nginx to listen on port 443 for SSL.
  • server_name: The name of your server; it should match the common name of the certificate.
  • proxy_pass http://127.0.0.1:80; forwards the decrypted traffic to Varnish.

Time to start Nginx! Run the following command:

sudo service nginx start

Now open up a browser and try to access the IP or domain over HTTPS:

https://101.101.101.101

It is important to remember that we have added a self-signed certificate, so you will get a warning that it might be unsafe to access the site. As you know this and you are the one who generated the certificate, it’s safe to proceed. To get rid of this warning you must install a real certificate.

You should now see the same application page as you did before on HTTP.
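
The Nginx block above sets X-Forwarded-Proto, X-Forwarded-Port and X-Real-IP, but Varnish still accepts requests directly on port 80, where a client can send those headers itself. The following VCL 4.0 fragment for /etc/varnish/default.vcl is an added example, not part of the original tutorial. It assumes Nginx reaches Varnish from 127.0.0.1 and that the backend varies its response by X-Forwarded-Proto; the ACL name tls_terminator is made up for the example.

```vcl
# Added example (not from the original tutorial): place these at the top
# level of /etc/varnish/default.vcl, alongside the existing backend block.

# Assumption: Nginx, the TLS terminator, connects to Varnish from loopback,
# matching "proxy_pass http://127.0.0.1:80" in the Nginx server block.
acl tls_terminator {
    "127.0.0.1";
}

sub vcl_recv {
    if (client.ip !~ tls_terminator) {
        # The request came in directly on port 80, so every header is
        # client-controlled. Drop the ones only Nginx is supposed to set.
        unset req.http.X-Forwarded-Proto;
        unset req.http.X-Forwarded-Port;
        unset req.http.X-Real-IP;
    }
    # No return here: the built-in vcl_recv still runs afterwards.
}

sub vcl_hash {
    # Assumption: the backend answers differently for HTTP and HTTPS
    # (for example, redirects or absolute URLs). Keep the two variants as
    # separate cache objects so one is never served in place of the other.
    if (req.http.X-Forwarded-Proto) {
        hash_data(req.http.X-Forwarded-Proto);
    }
    # No return here: the built-in vcl_hash still adds the URL and Host.
}
```

After editing, restart Varnish with sudo service varnish restart as before.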

 

Stats, Logs etc.

There are a few commands that can be useful when running Varnish. We will cover them below.

First, if you want to see how well Varnish is working, you can run the following command:

varnishstat

Here you will find a lot of different stats; use the up and down keys on your keyboard to scroll through them.

You want cache_hit to be as close to client_req as possible. Once you have finished here, you can exit with q.

 

If you want to access the logs to debug Varnish, you can do so by running:

varnishlog

Once it’s running, you can visit your Varnish server in a browser and data should appear in the terminal window. Once you have finished, you can exit with CTRL + C.

Conclusion

That’s it! You just installed Varnish Cache on Ubuntu with SSL termination, and hopefully it’s up and running! Your server should show an increase in performance and speed.

If you are having problems, don’t hesitate to comment or send me an email and I will do my best to assist!

 

 
