Setting up Varnish for Apache

[ayu]

This tutorial was made for Debian/Ubuntu and assumes that you already have apache2 installed.

Credits goes to the link below, as I used that when I was learning how to set it up properly

Code: Select all

http://www.howtoforge.com/putting-varnish-in-front-of-apache-on-ubuntu-debian

Install Varnish and mod_rpaf

*Varnish is the cache server
*mod_rpaf

Code: Select all

apt-get install varnish libapache2-mod-rpaf 

Now make sure that apache2 and varnish are shut off.

Code: Select all

/etc/init.d/apache2 stop
/etc/init.d/varnish stop

Varnish settings

Open this file

Code: Select all

vim /etc/default/varnish

Change default port from 6081 to 80
Change the line "default.vcl" to something like "custom.vcl"

save the file and open the custom.vcl that you just wrote in the varnish file.
It should be placed like this: /etc/varnish/custom.vcl

Copy/paste this into the custom.vcl file

Code: Select all

## Redirect requests to Apache, running on port 8000 on localhost
backend apache {
        .host = "127.0.0.1";
        .port = "8000";
}
## Fetch
sub vcl_fetch {
		## Remove the X-Forwarded-For header if it exists.
        remove req.http.X-Forwarded-For;
		
		## insert the client IP address as X-Forwarded-For. This is the normal IP address of the user.
        set    req.http.X-Forwarded-For = req.http.rlnclientipaddr;
		## Added security, the "w00tw00t" attacks are pretty annoying so lets block it before it reaches our webserver
        if (req.url ~ "^/w00tw00t") {
                error 403 "Not permitted";
        }
		## Deliver the content
        return(deliver);
}

## Deliver
sub vcl_deliver {
		## We'll be hiding some headers added by Varnish. We want to make sure people are not seeing we're using Varnish.
        ## Since we're not caching (yet), why bother telling people we use it?
        remove resp.http.X-Varnish;
        remove resp.http.Via;
        remove resp.http.Age;
		
		## We'd like to hide the X-Powered-By headers. Nobody has to know we can run PHP and have version xyz of it.
        remove resp.http.X-Powered-By;
}

Personally I commented out the rules about removing the Varnish info in vcl_deliver, as I was using Varnish for an experiment, and wanted the info from the server.


Apache settings

Open the ports.conf file and change the apache ports, since we want Varnish to listen on port 80 (standard HTTP port).
We want Apache to listen on port 8000 on localhost so that it can't be reached from the outside, only through Varnish.

Code: Select all

vim /etc/apache2/ports.conf 

Find these two rows

Code: Select all

NameVirtualHost *:80
Listen 80

And change them to

Code: Select all

NameVirtualHost *:8000
Listen 127.0.0.1:8000

You might need to change your vhosts as well, so change them appropriately

Example, change this

Code: Select all

<VirtualHost *:80>

To this

Code: Select all

<VirtualHost *:8000>

Now, just start them up again and you should be set

Code: Select all

/etc/init.d/apache2 start
/etc/init.d/varnish start

[bad_brain]

sweet, good work...
would be nice to do a benchmark with ab to see the performance increase.
also, what Apache MPM are you using? some caching solutions (like eaccelerator) don't work really well together with Worker MPM (which is the best way to run Apache imo).

[ayu]

sweet, good work...
would be nice to do a benchmark with ab to see the performance increase.
also, what Apache MPM are you using? some caching solutions (like eaccelerator) don't work really well together with Worker MPM (which is the best way to run Apache imo).

I use the Apache default (prefork), but I am going to start learning how to best optimize Apache for when I move it to my new VPS.

[bad_brain]

ok, I will check it for Worker MPM on my home server in the next days. not that it's needed, Worker has a way better performance than Prefork anyway (but it occupies more RAM), but some extra speed is never wrong...